New NIST password guidelines: don't require character types or rotation https://pages.nist.gov/800-63-3/sp800-63b.html#memorized-secret-verifiers …
Rotation is a terrible recommendation. It encourages people to keep passwords on Post-Its instead of memorizing them.
-
-
if too frequent yes, but 180 days is not out of the question
-
Flipping the Q: Why do *some* recommend? Bad guys don't wait 180 days. Gain seems negligible, damage substantial
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.