DEV Community

Discussion on: Does changing password frequently improve or harm security?

Nirenj

According to the NIST password policy (pages.nist.gov/800-63-3/sp800-63b....):

NIST SP 800-63B, Section 5.1.1.2 Memorized Secret Verifiers
“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”

Please also see here: jumpcloud.com/blog/nist-800-63-pas...