Expiring password notification

Rod Widdowson rdw at steadingsoftware.com
Fri Oct 20 05:33:33 EDT 2017

> our wise
> board of regents has decided that we will soon be arbitrarily expiring
> passwords every 6 months.

I'm sure it won't help you, but from NIST (who might know what they are talking about)

"Digital Identity Guidelines", published June 2017

> Do not require that memorized secrets be changed arbitrarily 
> (e.g., periodically) unless there is a user request or evidence of
>  authenticator compromise. 

And yes I'm cherry picking...


More information about the users mailing list