this post was submitted on 19 Jun 2025
1 points (100.0% liked)

cybersecurity

14 readers
1 users here now

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

founded 2 years ago
MODERATORS
[email protected]
1
Recently learned NIST doesn't recommends password resets. (zerobytes.monster)
submitted 1 week ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 
The original post: /r/cybersecurity by /u/Different-Phone-7654 on 2025-06-18 17:16:33.

NIST SP 800-63B section 5.1.1.2 recommends passwords changes should only be forced if there is evidence of compromise.

Why is password expiration still in practice with this guidance from NIST?

you are viewing a single comment's thread
view the rest of the comments