Robert Roskam on Nostr: Systems "SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., ...
Systems "SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically)."
Said another way way, if your organization requires regular password changes (every 30 days, 90 days, etc.), then you're making your organization _less_ secure.
This has been a PSA: https://pages.nist.gov/800-63-3/sp800-63b.html#reqauthtype
Said another way way, if your organization requires regular password changes (every 30 days, 90 days, etc.), then you're making your organization _less_ secure.
This has been a PSA: https://pages.nist.gov/800-63-3/sp800-63b.html#reqauthtype