John McKown wrote: > Which article are you replying to? I can't find it. IIRC, I even commented > on it. URL?
My bad. This was on RACF-L. You posted it! https://www.sans.org/security-awareness-training/blog/time-password-expiration-die Re NIST: jeez, it wasn't LAST year, it was almost three years ago. This is the article I remember: https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ But yes, 800-63. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN