Microsoft considers forcing users to change their passwords regularly a pointless action and says that it does not improve account security in any way.
Specialists note that if a password has not been compromised, there is no particular point in changing it. Microsoft considers the policy of password expiration to be pointless: it not only fails to keep your data safe but, on the contrary, creates additional vulnerabilities.
This information was published on the Microsoft blog alongside other security recommendations, in the section that publishes the basic security settings for Windows 10 v1903 and Windows Server v1903.
In the article, the developer not only acknowledges that frequent password changes are an archaic method, but calls them pointless.
Simply put, as long as your password has not been stolen by cybercriminals, you have nothing to worry about. However, if you suspect that a password has been stolen, you should act right away: invalidate the old password and make up a new, preferably more secure one. At the same time, regularly changing a password without any real reason leads to users having to write their passwords down, and often the passwords are simply forgotten. Most importantly, in an attempt to simplify the task, the user comes up with a shorter and simpler password or changes one character in the old one.
Experts call multifactor authentication, as well as constant analysis of lists of banned passwords, more effective security methods. By the way, we have recently published a list of the most cracked passwords. We advise you to check whether yours is on it.