I worked on Identity, Credentialing and Access Management (ICAM as it's known) in the Federal space for a while.
The U.S. Fed Gov has been implementing MFA with smart cards since 2001. While there are pockets of ineptitude and resistance, the vast majority of government employees and contractors use a hard token second factor.
Security is a property of a system, so analyzing a particular password policy outside of the given context (mandatory hard token MFA) is nonsense.
The U.S. Fed Gov has been implementing MFA with smart cards since 2001. While there are pockets of ineptitude and resistance, the vast majority of government employees and contractors use a hard token second factor.
Security is a property of a system, so analyzing a particular password policy outside of the given context (mandatory hard token MFA) is nonsense.