On Thu, 29 Aug 2024 at 11:09, Edward Toroshchyn <edward.toroshchyn@pm.me> wrote:

> Instead, the modern recommendation is to use two-factor authentication and to implement password blacklists.
>
> Of course, this is primarily important for managing multiple user environments, and if you feel like you should change your own password every once in a while, there's no harm in that.
>
> [1] https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret


Respectfully, I think we should exercise caution quoting a 7-year-old document and treating it as gospel.

2-factor authentication isn't there to replace best security practices, but to complement them.