Lukasz OlejnikSep 24, 2024
GREAT change is approaching. NIST will standardise prohibition of requirement of composing passwords from various character styles, and requirement for periodic password changes. These are harmful and obsolete rules. Now they will be treated as a cybersecurity weakness https://pages.nist.gov/800-63-4/sp800-63b.html
NIST Special Publication 800-63B

NIST Special Publication 800-63B

Show threadMichael Kohne
@LukaszOlejnik I would like to understand the rationale for making password rotation a 'shall not'. I know it's not helpful, but how is it harmful?
Sep 25, 2024 at 1:35pmWeb
Show threadSlothdudeSep 25, 2024
@mhkohne @LukaszOlejnik Results in passwords like “password”, “password2”, “password3”, etc.
Show threadMagnus AhltorpOct 1, 2024
@mhkohne @LukaszOlejnik password1, password2, password3. Enforced rotation incentives sloppy password practices, since you know that you will have to learn a new one soon anyway.