ivanborgiey
Newcomer I

SSCP practice exam question.

I have a question regarding this matter. SSCP.JPG

 

Why is the answer No expiration? I checked the NIST 800-63b but I didn't find anything about it.

11 Replies
DarkCerberus
Viewer

It's stated that we are no longer supposed to enforce password changes. In other words, we cannot "force" a user to change their password. 

dcontesti
Community Champion

I admit that I have not read the entire thread BUT the question is wrong.

 

According to NIST 800-63B

 

  • No forced password changes:
    Avoid forcing users to change their passwords frequently, as it often leads to users creating weaker passwords. 

The header of that section is misleading.  You MUST read the entire document.

 

REALLY terrible question. Should be corrected or removed from the Materials. Where did this question come from? Is this from an ISC2 publication?

 

Regards

 

d