Isn't it weird when all of us individually knew forced password change is more harm than benefit, but it took literally decades for this to become institutionally admitted?
Just imagine, maybe a subset of neurons inside your brains have amazing ideas that could change your life, but it might take decades (or never) for them to surface to the conscious level where you realize "oh, I have an idea".
How to make sure organizations are not less than the sum of their parts?
> Isn't it weird when all of us individually knew forced password change is more harm than benefit, but it took literally decades for this to become institutionally admitted?
The US bank I recently opened an account with (in 2021) is in the S&P 500, publicly traded. The only form of 2FA they support is SMS or some proprietary hardware keychain LCD thing they don't give out for free (which I assume is the M+A great-grandchild of those RSA TOTP fobs that were the fad in the 90s).
It's not weird. Most security organizations are wholly incompetent, doing cargo cult security nonsense "because that's the way we've always done it".