Requirements for Changing Online Passwords

Question: 
Our examiners made the bank change customers' passwords to expire on online banking every 60 days. Of course, customers do not like this. Can you tell me what the requirements are on this?
Answer: 

I cannot tell you where customers are required to change passwords with this frequency, and that is a question for the examiners stating it is a requirement.

The FFIEC guidance requiring the periodic change of passwords applies to the bankers, not the customers. While we may all agree it is a good practice to change passwords, when they change this frequently and if you also prohibit re-use of passwords, your customers are more likely to write them down - which doesn't help many security issues, or to drop your bank because an occasional user is more likely to get locked out regularly having forgotten the password.

First published on 06/21/2020