diff --git a/pages/mfa.md b/pages/mfa.md
index 095e267..b583e75 100644
--- a/pages/mfa.md
+++ b/pages/mfa.md
@@ -63,7 +63,7 @@ import (
 "math"
 )
-func generateTOTP(secret []byte) {
+func generateTOTP(secret []byte) string {
 digits := 6
 counter := time.Now().Unix() / 30
@@ -75,7 +75,7 @@ func generateTOTP(secret []byte) {
 HS := mac.Sum(nil)
 offset := HS[19] & 0x0f
 Snum := binary.BigEndian.Uint32(HS[offset:offset+4]) & 0x7fffffff
-D := Snum % int(math.Pow(10, float64(digits)))
+D := Snum % uint32(math.Pow(10, float64(digits)))
 // Pad "0" to make it 6 digits.
 return fmt.Sprintf("%06d", D)
 }
diff --git a/pages/password-authentication.md b/pages/password-authentication.md
index f335863..b421fc9 100644
--- a/pages/password-authentication.md
+++ b/pages/password-authentication.md
@@ -138,5 +138,6 @@ If you need to keep the username or email private, make sure you do not leak suc
 ## Other considerations
 - Do not prevent users from copy-pasting passwords as it discourages users from using password managers.
+- Do not require users to change passwords periodically.
 - Ask for the current password when a user attempts to change their password.
 - [Open redirect](/open-redirect).
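Review bot: With `counter := time.Now().Unix() / 30` computed inside the function, generateTOTP can only produce the code for the current time step, so a verifier built on this sample cannot check it against the RFC 6238 test vectors or accept the one adjacent step the RFC suggests tolerating for clock drift; taking the counter as a parameter, `func generateTOTP(secret []byte, counter int64) string`, and moving the `/ 30` to the caller keeps the sample usable for both generation and verification. The function's body continues past this hunk (the HMAC over the counter is not visible here) and closes in the following hunk.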
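Review bot: The pad width in `fmt.Sprintf("%06d", D)` is hard-coded to 6 while the modulus two lines above is derived from `digits`, so changing `digits` would silently leave the two out of step; `fmt.Sprintf("%0*d", digits, D)` ties the width to the same variable. The new `uint32(math.Pow(10, float64(digits)))` also routes an integer power through floating point, which is exact for 10^6 but says less than an integer form such as `mod := uint32(1)` / `for i := 0; i < digits; i++ { mod *= 10 }` / `D := Snum % mod`. `mac` is constructed before this hunk, and `HS[19]` presumes a 20-byte digest, which matches the HMAC-SHA1 default of RFC 6238 but is not visible in the hunk.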