NIST SP 800-63B, Section 5.1.1.2 Memorized Secret Verifiers
“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”
Top comments (3)
According to NIST password policy (pages.nist.gov/800-63-3/sp800-63b....)
NIST SP 800-63B, Section 5.1.1.2 Memorized Secret Verifiers
“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”
Please also see here: jumpcloud.com/blog/nist-800-63-pas...
Thanks. Useful information. I followed you and I am looking forward to see more post about it security in the future here
I posted a question regarding password. (My latest question) can you have a look and give me your insights?