Security News > 2021 > May > Is it still a good idea to require users to change their passwords?
For as long as corporate IT has been in existence, users have been required to change their passwords periodically.
Microsoft has reversed course on the best practices that it has had in place for decades and no longer recommends that organizations require users to change passwords periodically.
According to Microsoft, requiring users to change their passwords frequently does more harm than good.
While forced password changes can cause problems, not requiring users to change their passwords can also cause problems.
Users who choose strong passwords will not have to change those passwords as often as a user who chooses a weaker password.
A second issue that is often attributed to password change requirements is that users who are forced to frequently change their passwords are more likely to forget their passwords.