Password expirations are bad practice and counter-intuitive to what the ultimate goal is. If you have a long, complex, unique password for a system that is not used anywhere else and is stored in a secure password manager that has not been compromised, changing that password is worse than meaningless, it’s actively harmful. No one in the IT or Security field should be advocating for password expirations at this stage of the game. Unfortunately everyone is forced into the practice to comply with PCI regulations that have not kept up with changes in security.
Password expirations are bad practice and counter-intuitive to what the ultimate goal is. If you have a long, complex, unique password for a system that is not used anywhere else and is stored in a secure password manager that has not been compromised, changing that password is worse than meaningless, it’s actively harmful. No one in the IT or Security field should be advocating for password expirations at this stage of the game. Unfortunately everyone is forced into the practice to comply with PCI regulations that have not kept up with changes in security.