For decades cybersecurity professionals held tight to the idea that passwords needed to be changed on a regular basis. In recent years, however, organizations such as NIST and Microsoft have abandoned this longstanding best practice and are now recommending against mandatory password expiration. The case against password expiration Microsoft lists two main reasons why scheduled password expirations should be avoided. Fast-acting criminals won’t be deterred by your 90-day change policy First, the company argues that … Continue reading Is mandatory password expiration helping or hurting your password security?