> On Dec 16, 2022, at 9:17 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> ...
> (I agree that forced password rotations are also an obsolete security
> practice, but figured that one bit of push-back at a time was enough.)
I believe that NIST is now on board with this opinion, aren't they?