
In the UK, the NCSC[1] also no longer advocates security questions such as these and recommends using MFA to recover lost passwords. Additionally, they also advocate non-expiring passwords, as, ironically, having to change a password every 30 days actually causes users to use less secure passwords (i.e. Monday1, Monday2, Monday3, etc.).

--

[1] https://www.ncsc.gov.uk/


