The NIST recommends against a forced password rotation https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/nists-new-password-rule-book-updated-guidelines-offer-benefits-and-risk
It's bizarre how despite these recommendations I've had multiple workplaces that change passwords monthly. Add stringent complexity requirements, and you get sticky notes everywhere with full logon details.
A sign in button would be about the same level of security.
Take the sign in button and put it on the user's phone that requires biometrics/PIN and you've probably got a pretty darn secure system.
Risk management > blind security rules. The latter is security theatre.
this post was submitted on 30 May 2021
20 points (100.0% liked)
Bitwarden - The unofficial Bitwarden community
922 readers
1 users here now
Please do note that this an unofficial community.
Bitwarden - Open source password manager
Bitwarden is an open source password management platform for individuals, teams, and business organizations.
- https://reddit.com/r/bitwarden
- https://bitwarden.com
- https://bitwarden.com/help/
- https://community.bitwarden.com
- https://vault.bitwarden.com
- https://github.com/bitwarden
founded 3 years ago
MODERATORS