On 21 Jan 2022, at 3:24, Daulat wrote: > Yes, you are right, I am planning for password complexity rules and to, force users to change their password. > While you are in the planning stages you may wish to review current best practice, e.g., USA National Institute of Standards and Technology. For me the most interesting aspect of the revised standard is how forcing password changes and complexity rules often leads to reduced security in the real world. Refer: https://pages.nist.gov/800-63-3/sp800-63-3.html https://auth0.com/blog/dont-pass-on-the-new-nist-password-guidelines/ (for a more human readable version :) Regards Gavan Schneider —— Gavan Schneider, Sodwalls, NSW, Australia Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong. — H. L. Mencken, 1920
