Microsoft ditching periodic password change policy

Dr Irving Hofman

Microsoft finally adopts the NIST guidelines for passwords! The 60-day password change is no more.

Better late than never! Microsoft has finally removed enforced periodic password changes from their security baselines. My first blog post on this website back in 2017 was about exactly this.

Time to Rethink Mandatory Password Changes

Periodic password expiration is an obsolete idea that offers almost nothing in today's security landscape. It's great to see Microsoft finally coming to the party. There are many other threat mitigation techniques that are far better.

For further information from Microsoft, go here: https://blogs.technet.microsof...

