undefined | Better HN

0 pointsmacintux3y ago0 comments

It gives added incentive to the company to make sure all of their internal passwords are managed via SSO so the users don’t continue to use a password on non-integrated systems after it’s rotated centrally.

And as long as employees are warned in advance, they should be aware of the risk of re-using passwords, which already exists today. If anything, this highlights the fact that if employees are using their company password for some other service, they’re placing their employer at risk.

0 comments

Arainach3y ago

Not all sites are customer sites.

I generally use unique passwords for everything, but I worked many years at a company with a 3-month password rotation policy, and coming up with high-entropy yet memorable passwords was sufficient work that many accounts on machines on my home network used some retired passwords from there.

j / k navigate · click thread line to collapse

0 comments

Arainach3y ago

Not all sites are customer sites.

j / k navigate · click thread line to collapse