mkj on Nostr: npub1gfdrr…x7gg6 **Forced time-based password changes is a bad idea.** Even the US ...
npub1gfdrrw9629qxwvwaa3vwnvzhtaqu2c5m9wf6vcwjnmdnhs7hl4jsux7gg6 (npub1gfd…7gg6) **Forced time-based password changes is a bad idea.** Even the US NIST recognizes as much these days:
"Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator." https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
Certainly if you want to change a #password go ahead and do it. But if you have reason to change the password, change it immediately, not at some arbitrary future date.
"Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator." https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
Certainly if you want to change a #password go ahead and do it. But if you have reason to change the password, change it immediately, not at some arbitrary future date.