Passwords: Maximum Age

794aed82-0f0a-46e0-8135-204c50b12462

The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the Maximum password age policy setting to 0 so that users are never required to change their passwords allows a compromised password to be used by the malicious user for as long as the valid user is authorized to access. More information here (https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/maximum-password-age)


stig-medium-server
stig-medium-desktop
compliance-desktop
compliance-server
nist800-171
cmmc-l1