It becomes a pain vs gain problem. How hard do you make it, also balancing the inconvenience.
You could easily force users to enter a one time code via email every 3 months (or more or less time). This would be hard to automate and if you changed it up even more so.
It becomes a pain vs gain problem. How hard do you make it, also balancing the inconvenience.
You could easily force users to enter a one time code via email every 3 months (or more or less time). This would be hard to automate and if you changed it up even more so.
Or maybe enforce login with a hardware token like Yubikey or Nitrokey. I don’t think you could automate that(?)
Yeah but how do you get it to someone.
Pain vs gain.