Is mandatory password expiration helping or hurting your password security?
2022-10-04 04:00

In recent years, organizations such as NIST and Microsoft have abandoned the longstanding best practice of mandatory password expiration and now recommend against it.

From Microsoft's perspective, it is far better for a user to create a strong but unchanging password than to create a password that barely adheres to the organization's minimal password requirements and then make small changes to it each time the organization requires a password change.

Even a user who creates a super strong password is still going to be required to change that password at some point and will presumably resort to using password transformations rather than creating an entirely new password.

The Specops dynamic password feedback feature guides the user through the password reset process, showing them exactly what is required to satisfy the organization's password requirements.

The goal here is to combine a strong password policy with an end-user reward system (keeping a stronger password for longer) and a deterrent to minimal password changes, all without additional onus on the IT team.

If password feedback exists at password change, you can cut down on all those helpdesk calls asking for help.


News URL

https://www.helpnetsecurity.com/2022/10/04/mandatory-password-expiration-helping-or-hurting-password-security/