Microsoft’s April 24 decision to remove the “Maximum Password Age” (forced expiration) default from Microsoft Windows has sparked a lot of discussion. The default (and recommended) maximum password age had been 45 to 60 days, depending on the OS version. Removing the forced expiration default follows the recent National Institute of Standards and Technology (NIST) recommendation not to require a password change until you know a password has been compromised.