All,

Sorry for hijacking the thread, just want to make a small correction.

On 29/08/2024 10:53, David C. Rankin <drankinatty@gmail.com> wrote:
> I changed my password [...] (as you should do every so often).

It is no longer recommended to enforce any periodic password changes. See, e.g. NIST recommendation[1]:

> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).

While password expiration used to be recommended, subsequent research showed that this does more harm than good, due to users tending to choose passwords that are easier to remember, or reuse passwords across multiple services. Instead, the modern recommendation is to use two-factor authentication and to implement password blacklists.

Of course, this is primarily important for managing multiple user environments, and if you feel like you should change your own password every once in a while, there's no harm in that.

Kind regards,

--
Edward

[1] https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret