“Microsoft admits expiring-password rules are useless”

Computer security professionals have argued against password expiration rules for a very long time. The problem with such rules is that they result in users picking weak passwords, or writing down their passwords, or having a list of say five passwords that they cycle through over time.

https://www.cnet.com/news/microsoft-admits-expiring-password-rules-are-useless/