
This is a really hostile comment. Sorry that you're upset, but you don't need to take it out on me.

>or was there another point to your comment?

The purpose of my comment was to refute your claim that arbitrary password resets is the "recommended practice for every IT department for pretty much all corps".

Because it's not true.

>Great there's at least 3 companies that do not have this policy.

Between me and my colleagues we consult at dozens to hundreds of corporations per year. "At least 3" is pretty disingenuous.



sarcastic. not hostile.

do you honestly believe that i was unaware that there are companies that do not require the rotation policy? maybe the "pretty much all" phrase was confusing and you did not think that left room for some to not?

that's great that there are some companies that do not, but there are a great number of people that still do. it's not anything that needs rebutting as we're all aware they exist


>maybe the "pretty much all" phrase was confusing and you did not think that left room for some to not?

~90% or more of the companies we consult with do not have forced arbitrary password rotations when we start our engagement with them (~100% do not have it by the end of the engagement). We engage with dozens to hundreds of companies a year.

Does your definition of "pretty much all" actually mean "a small portion"? No wonder I was confused...


dozens to hundreds !== large percentage


I'm looking at a sample of well over a thousand companies across multiple years where the vast majority (~90%) do not have a forced rotation and now ~100% of them do not. You can safely extrapolate that out to a general statistic.

Where are you getting your numbers from? What data are you reviewing?


So by your own comment there were thousands of companies that absolutely were still using rotation policies until they were blessed with your consultation.

Sounds like you're doing the lord's work. Godspeed


>absolutely were still using rotation policies

That is not what I said. In fact, that's the complete opposite of what I said! Here, I'll add some emphasis for you.

>"~90% or more of the companies we consult with do not have forced arbitrary password rotations ___when we start our engagement with them___"



