by ziddoap
1740 days ago
This sort of speaks to what the GP was talking about -- not following guidelines and frameworks. For example,

>On top of rotating passwords on a yearly basis

> rotating passwords for users every 90 days

NIST 800-63B, as of 2017, explicitly advised against this. "Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically)." [1]

[1] https://pages.nist.gov/800-63-3/sp800-63b.html