We have a linux user self-serve page where we can reset our passwords when they expire. The catch is we never use said password because all logins are done with keys but you can't login if your password is expired. So imagine someone "data-driven" getting rid of that page because it is rarely used.
Why do the passwords expire if they're not used? "best practice"
Agree with both you and above that low usage is not a good signal of unimportance, but “reset password” is actually used _very_ frequently across the spectrum of average joe users. Here’s an example source: https://www.statista.com/statistics/1303484/frequency-of-pas...
Why do the passwords expire if they're not used? "best practice"