Comment 5 for bug 1979570

While I agree with NIST on not changing passwords, and did so before they came to that conclusion, I am not opposed to the addition of such a feature so long as it is a) off by default and b) is enabled via YAOUS or internal flag. It might be useful to have separate settings for staff vs. patrons.