[henvic]

I'm curious by what do you mean 'old way' for the very reason exposed above.

Would you mind to give some examples?

[wil421]

A simple example would be changing passwords every 90 days. It’s been proven users will choose less secure passwords.

Here is an article from the FTC and one about NIST guidelines.

https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-r...

https://qz.com/981941/the-us-standards-office-wants-to-do-aw...

[liveoneggs]

do you have mod_security and the standard rules? Yes

do you write custom rules based on your actual application? <- not a real question