> The pin itself would be changeable (forced every 90 days, at will anytime)

You have now destroyed any security this device has, as no one wants to create a brand-new PIN every 90 days, no matter how much or little entropy it has.

Changing passwords on a regular basis as a security best practice has been debunked for years now. Even NIST is (finally) on board, saying that forced regular password changes should not be used in an attempt to increase security.

Your password/PIN should be changed iff there is reason to believe it has been compromised.
