> On Dec 16, 2022, at 9:17 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> ...
> (I agree that forced password rotations are also an obsolete security
> practice, but figured that one bit of push-back at a time was enough.)
I believe that NIST is now on board with this opinion, aren't they?