While I agree with NIST on not changing passwords, and did so before they came to that conclusion, I am not opposed to the addition of such a feature so long as it is a) off by default and b) is enabled via YAOUS or internal flag. It might be useful to have separate settings for staff vs. patrons.
While I agree with NIST on not changing passwords, and did so before they came to that conclusion, I am not opposed to the addition of such a feature so long as it is a) off by default and b) is enabled via YAOUS or internal flag. It might be useful to have separate settings for staff vs. patrons.