Discussion about this post

User's avatar
Erich Winkler's avatar

Great article! I enjoyed reading it! 👏

Expand full comment
Tushar Sharma's avatar

Finally, someone said it. I’ve had to untangle so many orgs that were “compliant” on paper but used the worst possible password policies in practice.

The 90-day reset rule might be one of the most damaging things we normalized — just creates predictable behavior.

Thanks for pushing this conversation back to useful, not just “standard.”

Expand full comment
1 more comment...

No posts