The problems with forcing regular password expiry

Why CESG – now part of the NCSC – decided to advise against this long-established security guideline. Regular password expiry is a common requirement in many security policies. However, in the Password Guidance published in 2015, we explicitly advised...