• vzq@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    1 year ago

    NIST removed password expiration from their recommendations in 2020. Instead they recommend only forcing password changes when compromise is suspected.

    The main argument is that they do not make users or systems demonstrably safer and encourage bad password habits.