Is mandatory password expiration helping or hurting your password security?

October 4, 2022

For decades, cybersecurity professionals held tight to the idea that passwords needed to be changed on a regular basis. In recent years, however, organizations such as NIST and Microsoft have abandoned this longstanding best practice and now recommend against mandatory password expiration.

The case against password expiration

Microsoft lists two main reasons why scheduled password expirations should be avoided.

Fast-acting criminals won’t be deterred by your 90-day change policy

First, the company argues that scheduled password changes do little to prevent an intruder from gaining access to a victim’s network because threat actors almost always make immediate use of compromised passwords.

Read More on Help Net Security