I have been working on authentication flows for a financial institution. There is some question around whether password expiration warnings or notices (“your password will expire in 3 days. Consider changing it now”) are actually helpful or just annoying. Has anyone gathered any data around this particular assumption?
Thanks