Password Expiration Warning

I have been working on authentication flows for a financial institution. There is some question around whether password expiration warnings or notices (“your password will expire in 3 days. Consider changing it now”) are actually helpful or just annoying. Has anyone gathered any data around this particular assumption?


Welcome to the community @productdesigner!

Have you checked out reports from NN/g or white papers from companies such as Okta and other authentication providers?
There is probably research out there.