I would suggest reviewing the guidelines in sec in 5.1.1.2 of NIST Special Publication 800-63B <https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver> and the NCSC Password policy: updating your approach - NCSC.GOV.UK <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry>
Regards, Brad On Mon, Sep 19, 2022 at 7:27 AM Miklosovic, Stefan < stefan.mikloso...@netapp.com> wrote: > Hi list, > > together with my colleague Jackson Fleming we put together CEP-24 about > password validation and password generation in Cassandra. > > https://cwiki.apache.org/confluence/x/QoueDQ > > We are looking forward to discuss this CEP with you in depth. > > The outcome of this thread would be to sort out any issues / concerns you > have so we might eventually vote and implement that in upstream if our > contribution is found to be useful. > > There is a reference implementation provided we would like to build our > solution on top. > > Regards > > Stefan Miklosovic >
