On Thu, 29 Aug 2024 at 11:09, Edward Toroshchyn <edward.toroshc...@pm.me>
wrote:

>
> Instead, the modern recommendation is to use two-factor authentication and
> to implement password blacklists.
>
> Of course, this is primarily important for managing multiple user
> environments, and if you feel like you should change your own password
> every once in a while, there's no harm in that.
>
> [1] https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret



Respectfully, I think we should exercise caution quoting a 7-year-old
document and treating it as gospel.

2-factor authentication isn't there to replace best security practices, but
to complement them.
