LiefZimmerman
Oct 04, 2024Admin
Verifiers and CSPs SHALL NOT require users to change passwords periodically.
That subject line is a requirement in the most recent NIST publication for Digital Identity Guidelines.
https://pages.nist.gov/800-63-4/sp800-63b.html
A summary is here:
with links to
The authors take is that these are nonsensical and commonsense updates.
I agree, from a users perspective, with the basics set out in the piece - but what aren't they/I thinking about?