
Not really, at scale.

SSO is a must in any big organisation; there are tens or hundreds of applications.

People are incredibly and consistently bad with security. You really need a way to be able to cancel all accesses in one swoop for any individual.



Not only that. As a user it's incredibly frustrating entering a password 5 or more times each morning. This results in users using extremely weak passwords.

The same is true for forcing users to reset their password every 50 days or so, by the way. This outdated password guideline doesn't seem to die. I know way too many cases where people are using a weak base password with a number attached to it because they got sick of trying to remember a new password every month.


> The same is true for forcing users to reset their password every 50 days or so, by the way. This outdated password guideline doesn't seem to die. I know way too many cases where people are using a weak base password with a number attached to it because they got sick of trying to remember a new password every month.

There are people who actually invent a new password every time instead of cycling numbers?

Also, changing the password a few times until the history is flushed and switching back to the same password you started with is a thing.


Well, sadly this rule about password aging made its way into some regulations. We know it is idiotic, but it is the law.



