We are currently looking to refresh our Password Policy which is every 90 days w/8 Char minimum.
Taking a hard look at passwordless login but wondering where the are others with passwords?
Do you force a change every X days?
How many minimum characters?
Is anyone using Password-less log in?
The current recommendation from MS are described in this document, https://www.microsoft.com/en-us/research/publication/password-guidance/