The National Institute of Standards and Technology (NIST) has revised its recommendations to encourage more modern password security best practices. NIST now recommends against periodic password resets and suggests that companies require a password change only when there is evidence of compromise. With multiple data breaches occurring all the time, newly compromised credentials are continuously posted on the Dark Web, where they are available for hackers to leverage in their ongoing attacks. Screening credentials at their creation and continuously monitoring their integrity thereafter is also an important component of a modern approach to password security.
Source: https://thehackernews.com/2021/05/why-password-hygiene-needs-reboot.html
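
The policy summarized above (no scheduled expiry, screening at creation, continuous monitoring, forced change only on evidence of compromise) can be sketched as follows. This is an added example, not code from NIST or the linked article; the `CredentialStore` class, its method names, the PBKDF2 parameters and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 100_000  # assumed demo value; tune for your own hardware


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    must_change: bool = False  # set only on evidence of compromise, never on a timer


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class CredentialStore:
    """Hypothetical store: screens at creation and re-screens on each breach feed."""

    def __init__(self, breached):
        self.breached = set(breached)  # constructed sample list, not a real corpus
        self.accounts = {}

    def set_password(self, user: str, password: str) -> bool:
        # Screening at creation: refuse passwords already known to be exposed.
        if password in self.breached:
            return False
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _derive(password, salt))
        return True

    def ingest_breach_feed(self, new_passwords) -> list:
        # Continuous monitoring: stored hashes are salted, so each newly exposed
        # password must be re-derived with every account's own salt to compare.
        fresh = set(new_passwords) - self.breached
        self.breached |= fresh
        flagged = []
        for user, acct in self.accounts.items():
            if acct.must_change:
                continue
            if any(hmac.compare_digest(_derive(pw, acct.salt), acct.pw_hash)
                   for pw in fresh):
                acct.must_change = True  # evidence of compromise: require a change
                flagged.append(user)
        return flagged
```

The per-account re-derivation makes feed ingestion cost grow with accounts times new entries, so large deployments often run the same check at login instead, when the plaintext is briefly available.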

