• abraxas
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    Not sure if you’re in the US. But if you are, you should leave this anonymously on the security team’s desks.

    > Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. - NIST control SP 800-63B Section 5.1.1.2

    Basically a fairly widespread standard of security. All kinda of complaince you can fall out of if you do business with anyone who cares about NIST controls.