I just received a password expiration notice from district IT.
It is so frustrating that they still use such outdated security practices. We can't even use a password generator because this one password is used to log on to all devices as well as to access all accounts via the SSO dashboard. MFA is also not a thing.
@voltronic Yikes. Hopefully you guys have some sort of breach / credential exposure service.
@loboholic
You're hilarious. Just thousands of people using weak passwords because they have to change them so often.
@voltronic well I work in the ATO / recovered asset realm so hearing that kind of thing always makes me squirm.
@loboholic
If such a thing exists, I'm not aware of it.
@voltronic If what kind of thing exists?
@loboholic
Credential breach notification service.
If one has happened, I've never heard about any mitigation systems.
@voltronic Of course HIBP has been around forever, is free and has an API that can be integrated into various tools. But you get what you pay for. Paid products like SpyCloud offer far superior quality records and actual remediation of exposed passwords.
@voltronic One of my primary suppliers just recovered from a major ransomware incident. They require new passwords every couple of months.
Their system allows you to use the same password at every update. 😂