https://www.computerworld.com/article/3391365/microsoft-tells-it-admins-to-nix-obsolete-password-reset-practice.html#tk.rss_all
snip: Like Microsoft and NIST, Pescatore thought periodic password resets are the hobgoblins of little minds. "Having [this] as part of the baseline makes it easier for security teams to claim compliance, because auditors are happy," Pescatore said. "Focusing on password reset compliance was a huge part of all the money wasted on Sarbanes-Oxley audits 15 years ago. Great example of how compliance does not*equal security."* -------------------------------------------- Lionel B. Dyck <sdg> Senior Software Engineer 21st Century Software www.21stcenturysoftware.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.21stcenturysoftware.com&d=DwMFAw&c=jf_iaSHvJObTbx-siA1ZOg&r=O9Yt-0q7UsiUaBSmIwennw&m=ze6XIIO6XqAm_rFtn1zF8hbYK-3sN7_ZCV0uDjSUFWI&s=C0xITJTTxnixxEtO9UXS82AE82iV9VszD9838jfcEcs&e=> >From the Leaders in Data Stewardship(tm) THIS E-MAIL MAY CONTAIN PRIVILEGED, CONFIDENTIAL, COPYRIGHTED, OR OTHER LEGALLY PROTECTED INFORMATION. IF YOU ARE NOT THE INTENDED RECIPIENT (EVEN IF THE E-MAIL ADDRESS ABOVE IS YOURS), YOU MAY NOT USE, COPY, OR RE-TRANSMIT IT. IF YOU HAVE RECEIVED THIS BY MISTAKE PLEASE NOTIFY US BY RETURN E-MAIL, THEN DELETE. THANK YOU ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN