To improve security and protect your data and prevent it from being compromised, we recommend following security best practices within VCC.
Evidence suggests that password expiration policies lead to users configuring weaker passwords to make them easier to remember. Additionally, most users configure new passwords as a minor variation of the old ones. The current recommendation is to not enforce mandatory password changes and to mandate password changes only when there is evidence of the existing password being compromised, a suspected breach, or a specific threat.
Recommendations against the practice of expiring passwords: