Password expiration is dead, long live passwords
— removing the password expiration policies from their Windows 10 security baseline. To quote Microsoft:
Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives … If a password is never stolen, there’s no need to expire it. …If an organization has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic password expiration?
Source: techcrunch.com