Dear Broadcom.
NIST, Microsoft, BSI, Apple and virtually everyone of rank in the IT world has updated their policies over the last several years to say that what you are implementing here under the guise of "security" is actually harmful to security. Enforced expiration is next to useless, enforced complexity only encourages cheap pattern passwords that no software can prevent. And the guy who came up with the password rotation pragma essentially apologized for it. This all should have been very straightforward to google.
Here's just a random result from Google that neatly summarizes the guidelines of the US authority on this stuff:
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/
And here's the authoritative source:
https://pages.nist.gov/800-63-3/sp800-63b.html#sec5
What you are about to implement are security guidelines of the last century (and it wasn't much common sense already back then to most people), and quite frankly it looks the part. You seem hell-bent on inconveniencing your user base and your contributors any way you possibly can. I would ask you to reconsider if I had any hope a company would listen. Alas, I am just stating this as is.
Thank you.