SecurityGuy
Level 2

Account management

Even major governments that move at glacial speeds recognize that forced password expiration does not improve security.

 

QuickBooks is becoming infuriating every time I switch between companies.

 

First, on a properly secured computer with an encrypted hard drive, a QuickBooks password adds absolutely no additional security.

 

Second, users should decide if they need a password, not QuickBooks.

 

Third, if you're going to ram it down our throats, you could at least adopt modern password guidance.

 

https://pages.nist.gov/800-63-3/sp800-63b.html

 

https://jumpcloud.com/blog/nist-800-63-password-guidelines/


https://www.canada.ca/en/government/system/digital-government/password-guidance.html


https://www.ncsc.gov.uk/collection/passwords/updating-your-approach

 

And please don't even bother to mention PCI DSS.  PCI are dinosaurs and their standard has done virtually nothing to prevent data breaches involving payment cards.