Any company that still insists on forced password resets and frequent changes needs to learn about Social Engineering and Human Factors.
These are the same companies that don't support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?
You are viewing a single comment
All I know is the mortgage servicing company I use seems to have started ~3 month interval, that they don't say (no second factor available either). When I went to pay my internet bill, I get greeted with a message "you're passwords been reset". I'm stubborn and I was just using those sites to pay bills, so now I just don't log in to those anymore.
Insurance, and government need to catch up to the research. For sites that support them, I really like the Yubikey as a second factor.
It won’t be too long now before everyone rolls out Passkey support, which will be nice. I fully embrace the death of the password.
I like your optimism.
And the death of Firefox along with that. Oh boy what a great future.
Not sure why that would kill Firefox. Mozilla has done great work supporting passkeys and while their implementation isn't fully baked at the moment I have no reason to suspect they'll leave it incomplete.