Unfortunately, not all guidelines have caught up. PCI-DSS still requires passwor... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		thewebguyd 24 days ago \| parent \| context \| favorite \| on: Microsoft will finally kill obsolete cipher that h... Unfortunately, not all guidelines have caught up. PCI-DSS still requires password changes every 90 days for anything in scope (the cardholder data environment, anything that might even remotely touch payment card data).

fragmede 24 days ago [–]

Not with MFA. Not for a while now. And regardless, the word(s) you are looking for is "compensating control".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact