Martin FowlerDec 7, 2022
Me /tries to do a quick something
site: enter your password
Me: fine
site: enter your one-time code
Me: already? but fine
site: your password will expire in 6 days. Change it now
Me: 🤬
Show threadMartin FowlerDec 7, 2022

And just to make it clear. "Regular password changing harms rather than improves security."

https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry

Password policy: updating your approach

Advice for system owners responsible for determining password policies and identity management within their organisations.

Show threadDennis Faucher  
@mfowler It's remarkable how common this is.
"an attacker with access to the account will probably also receive the request to reset the password"
Dec 7, 2022 at 7:43pmWeb