Re: Password expiration - was Re: [SECURITY] Security Awareness Programs

[Roger A Safian <r-safian () NORTHWESTERN EDU>]

> Every multi-factor I've seen in wide use today is password plus something.
>
> Do password policies go away if there is a additional factor?

I'd suggest polices need to be looked at in light of MFA.  So, to the point of this discussion, password aging polices 
might not be necessary once you have widespread MFA, since, effectively the password MFA combination is always unique.