These are the same companies that don’t support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?
These are the same companies that don’t support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?
I am generally more annoyed at the second bit, the user having to change their password. Both are problems, but internal policies for changes are usually documented and communicated.
Having to change the services password is just a few buttons in the password manager, but it helps mitigating brute force attacks and limits the attackers access to the validity period of the password. So that’s very beneficial.
It doesn’t matter how good an individuals security is, its the system that’s a problem. Passwords are not often compromised through brute force. Password resets are a much more efficient entry method.
https://pages.nist.gov/800-63-FAQ/#q-b05