medium
Single Answer

What common behavior drives the NIST recommendation that passwords should not expire?

Answer Options

A. Attackers would not have enough time to compromise passwords if they expired.

B. Users often make minimal changes to passwords to handle change requirements.

C. Password expiration leads to too little support overhead.

D. Re-hashing passwords when changes are required is computationally intensive.

Correct Answer: B

Explanation

The NIST recommendation not to expire passwords recognizes that users often make only minimal changes to their passwords when they are required to change them. In addition, password changes drive significant support overhead as users forget their passwords or otherwise face challenges with them. Longer password lifetimes do give attackers more time to compromise them, but modern password recommendations call for multifactor authentication, which makes a compromised password less of a threat. Hashing new passwords does require computation, but not a significant amount on modern hardware.