Blame custom application vendors that the NHS and other companies use. They unnecessarily tie applications to specific OS releases and refuse to support them on newer OSes. These vendors pretty much hold companies to ransom as consultancy fees and migration fees are so high.
2 posts • joined 12 Mar 2017
Passwords are not the issue
Password complexity is not the issue (to a certain point), the systems controlling them are. Rate limiting attempts, max tries per minute, hour, day, pattern detection (such as logging the failures IP/MAC to multiple UIDs) and 2FA massively reduce brute force. Don't get me wrong, blocking most used passwords is also required.
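An added example, not part of the post above: a sketch of the two server-side controls the comment names, per-account rate limiting and flagging one source that fails against multiple UIDs. The function name `analyse`, the thresholds and the event tuples are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60              # seconds; assumed sliding window
MAX_FAILS_PER_UID = 3    # assumed: more failures than this in WINDOW throttles the UID
MAX_UIDS_PER_SOURCE = 3  # assumed: this many distinct UIDs failed by one source flags it

# Constructed sample events: (unix_seconds, source_ip, uid, success)
SAMPLE_EVENTS = [
    # One source, one failure each against four accounts: no account trips its limit
    (1000, "203.0.113.7", "alice", False), (1005, "203.0.113.7", "bob", False),
    (1010, "203.0.113.7", "carol", False), (1015, "203.0.113.7", "dave", False),
    # One source hammering a single account
    (1020, "198.51.100.4", "erin", False), (1024, "198.51.100.4", "erin", False),
    (1028, "198.51.100.4", "erin", False), (1032, "198.51.100.4", "erin", False),
    (1036, "198.51.100.4", "erin", False),
    # A user mistyping once, then logging in
    (1050, "192.0.2.10", "alice", False), (1055, "192.0.2.10", "alice", True),
    # Failures on different UIDs spread far apart: never together in one window
    (0, "192.0.2.20", "frank", False), (100, "192.0.2.20", "gina", False),
    (200, "192.0.2.20", "hal", False),
]

def analyse(events, window=WINDOW, max_fails=MAX_FAILS_PER_UID,
            max_uids=MAX_UIDS_PER_SOURCE):
    """Return (throttled_uids, flagged_sources) for a list of login events."""
    fails_by_uid = defaultdict(deque)  # uid -> timestamps of recent failures
    fails_by_src = defaultdict(deque)  # source -> (timestamp, uid) of recent failures
    throttled, flagged = set(), set()
    for ts, src, uid, ok in sorted(events):
        if ok:
            continue
        per_uid = fails_by_uid[uid]
        per_uid.append(ts)
        while per_uid[0] <= ts - window:      # drop failures older than the window
            per_uid.popleft()
        if len(per_uid) > max_fails:          # per-account rate limit exceeded
            throttled.add(uid)
        per_src = fails_by_src[src]
        per_src.append((ts, uid))
        while per_src[0][0] <= ts - window:
            per_src.popleft()
        if len({u for _, u in per_src}) >= max_uids:  # one source, many UIDs
            flagged.add(src)
    return throttled, flagged

if __name__ == "__main__":
    print(analyse(SAMPLE_EVENTS))
```

The per-account counter alone never sees the first source, because it fails only once per UID; only the per-source view catches it.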