

LiefZimmerman
Oct 04, 2024

Verifiers and CSPs SHALL NOT require users to change passwords periodically.

That subject line is a requirement in the most recent NIST publication for Digital Identity Guidelines.
https://pages.nist.gov/800-63-4/sp800-63b.html

A summary is here:

https://yro.slashdot.org/story/24/09/27/0021240/nist-proposes-barring-some-of-the-most-nonsensical-password-rules

with links to

https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/

The author's take is that these are nonsensical and commonsense updates.
I agree, from a user's perspective, with the basics set out in the piece - but what aren't they/I thinking about?
