Password expiration is dead, long live passwords

Password expiration is dead, long live passwords

— removing the password expiration policies from their Windows 10 security baseline. To quote Microsoft:

Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives … If a password is never stolen, there’s no need to expire it. …If an organization has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic password expiration?

Source: techcrunch.com