At the very least exfiltration - with long enough passwords, it helps mitigate that.
Of course, you should have other measures in place, such as no administrative access for users, whitelisting of software, etc.

As I stated on the other list, not requiring passwords to expire isn't an argument against passwords (complex/long or not), it's an argument for 2fa, which might, or might not, be feasible for a given situation.

Kurt

On Mon, Apr 25, 2016 at 4:27 PM, Kennedy, Jim <[email protected]> wrote:

> "Even six months is far better than never"
>
> Why?
>
> ------------------------------
> *From:* [email protected] [[email protected]] on behalf of Dave Lum [[email protected]]
> *Sent:* Monday, April 25, 2016 6:58 PM
> *To:* [email protected]
> *Subject:* [NTSysADM] Password expiring debate on patch management
>
> Anyone see the debate on the Patch management list, driven by this:
> https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry
>
> I don’t even know how it’s a debate other than the desired frequency (no one-size-fits-all on that IMO). Even six months is far better than never. With expiring passwords you at bare minimum mitigate employees that leave.
>
> *David Lum*
> *Systems Administrator III*
> *P:* 503.943.2500
> *E:* [email protected]
> *A:* 1881 SW Naito Parkway, Portland, OR 97201
> www.ochin.org
