NIST has a standard(s?) that says password strength rules are dumb and regular r...

		OJFord on Nov 2, 2022 \| parent \| context \| favorite \| on: Ask HN: How can techies influence companies to sto... NIST has a standard(s?) that says password strength rules are dumb and regular rotation is not necessary. Great, except we all know both are still widespread even by US sites. There's no 'oi comply with the NIST standard' regulation (for most companies anyway).