If your old password was compromised by a keylogger, your newly rotated password will be too.
There original threat model for forced password rotation was supposedly based on hash cracking time. This is a stupid threat model; the guy from NIST who wrote it back in the 80s admitted it was based on no research but was added arbitrarily because it sounded good at the time.
There original threat model for forced password rotation was supposedly based on hash cracking time. This is a stupid threat model; the guy from NIST who wrote it back in the 80s admitted it was based on no research but was added arbitrarily because it sounded good at the time.