You must log in or register to comment.
I would say that if you need elevated security mfa is the way to go. Frequent forced password changes are counter productive
Password expirations are bad practice and counter-intuitive to what the ultimate goal is. If you have a long, complex, unique password for a system that is not used anywhere else and is stored in a secure password manager that has not been compromised, changing that password is worse than meaningless, it’s actively harmful. No one in the IT or Security field should be advocating for password expirations at this stage of the game. Unfortunately everyone is forced into the practice to comply with PCI regulations that have not kept up with changes in security.