
Commit

password auth: Avoid mandatory password rotation
This aligns with NIST SP 800-63B, Microsoft 365 Password Policy Recommendations, etc, etc
NicolaiSoeborg authored Oct 21, 2024
1 parent b44acc0 commit 1dce38d
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions pages/password-authentication.md
Expand Up @@ -138,5 +138,6 @@ If you need to keep the username or email private, make sure you do not leak suc
## Other considerations

- Do not prevent users from copy-pasting passwords as it discourages users from using password managers.
- Do not require users to change passwords periodically.
- Ask for the current password when a user attempts to change their password.
- [Open redirect](/open-redirect).
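
Review bot: The added bullet "Do not require users to change passwords periodically." states the rule without a reason or its exception, unlike the copy-paste bullet directly above it, which explains why. Consider extending it to something like "Do not require users to change passwords periodically; only force a change when there is evidence the password has been compromised", which matches the NIST SP 800-63B guidance the commit message cites. Linking that reference from the page itself would also help, since the justification currently exists only in the commit message.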
