Skip to content

Commit

Permalink
Merge pull request #35 from NicolaiSoeborg/patch-1
Browse files Browse the repository at this point in the history 
password auth: Avoid mandatory password rotation
  • Loading branch information
@pilcrowonpaper
pilcrowonpaper authored Oct 30, 2024
2 parents c4f012f + 1dce38d commit b5eed24
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions pages/password-authentication.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,5 +138,6 @@ If you need to keep the username or email private, make sure you do not leak suc
## Other considerations

- Do not prevent users from copy-pasting passwords as it discourages users from using password managers.
- Do not require users to change passwords periodically.
- Ask for the current password when a user attempts to change their password.
- [Open redirect](/open-redirect).

0 comments on commit b5eed24

Please sign in to comment.