dreid on Nostr: Periodic reminder that NIST does not approve of expiring passwords. ...
Periodic reminder that NIST does not approve of expiring passwords.
https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver
> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver
> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.