What Should Your Company's Change Password Policy Be?
CSO Online, May 9th, 2019
May 9, 2019,
Volume 254, Issue 2
"Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords...
Microsoft's April 24 decision to remove the 'Maximum Password Age' (forced expiration) default from Microsoft Windows has sparked a lot of discussion. The default (and recommended) maximum password age had been 45 to 60 days, depending on the OS version. Removing the forced expiration default follows the recent National Institute of Standards and Technology (NIST) recommendation not to require a password change until you know a password has been compromised..."
Read More ...