The tech giant Microsoft wants to nix the “password expiration policy” that requires users to change their passwords every 42 days. This only applies to those who use Windows Group Policy, which is typically found in an office setting. If you have your own personal laptop or computer, you still have control over when, and if, you change your password.
This TechRepublic article by Lance Whitney explains it all:
If you employ Windows Group Policy at your company, then you may enforce password expiration, which compels users to change their Windows passwords every 42 days or at some other interval. Now Microsoft is questioning the effectiveness of password expiration, to the point that it wants to remove that requirement for the next version of Windows 10.
In a Wednesday blog post, Microsoft detailed a draft of security configuration baseline settings for Windows 10 version 1903 and Windows Server version 1903, which are due for release in late May. Among the several draft settings proposed, the removal of the password expiration policy is the one that will likely affect organizations and IT administrators the most.
In its desire to drop the password expiration requirement, Microsoft argues that the policy is outdated and ineffective. The main purpose of periodically changing your Windows password is to prevent the wrong person from using it if that password had been stolen. But if the password is never stolen, there’s no reason to change it. And if you have evidence that the password had been stolen, you would change it immediately rather than wait for some predefined expiration date. (continued)
Read more here: https://www.techrepublic.com/article/microsoft-wants-to-kill-windows-password-expiration-policy/