To mitigate the risk of credential theft, it is advisable to regularly update the passwords of all active accounts in Active Directory. However, if users must change their passwords too frequently, they may choose predictable passwords or store passwords in unsafe locations, which increases the likelihood of credential theft.
Tenable recommends implementing a password renewal policy for accounts with sensitive access rights in the information system. Configure this policy to prevent users from changing their password too frequently, which could increase the likelihood of predictable password use.
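One way to apply this recommendation with the ActiveDirectory PowerShell module, as an added example that is not Tenable's own code: it lists enabled privileged accounts whose password is older than a limit, then scopes a fine-grained password policy to the privileged group. The thresholds, the policy name `PSO-Privileged`, and the choice of `Domain Admins` as the sensitive group are assumptions to adapt to your own baseline.

```powershell
# Added example: all values below are assumptions, not Tenable-published settings.
Import-Module ActiveDirectory

$MaxAgeDays = 365              # assumed renewal interval for privileged accounts
$MinAgeDays = 1                # assumed minimum age, blocks rapid successive changes
$Group      = 'Domain Admins'  # assumed sensitive group (PSOs apply to global groups and users)
$PsoName    = 'PSO-Privileged' # hypothetical policy name

# 1. Audit: enabled user members of the group whose password predates the cutoff.
$cutoff = (Get-Date).AddDays(-$MaxAgeDays)
$stale = Get-ADGroupMember -Identity $Group -Recursive |
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties PasswordLastSet, PasswordNeverExpires |
    Where-Object {
        # A null PasswordLastSet means "must change at next logon"; skip those.
        $_.Enabled -and $_.PasswordLastSet -and $_.PasswordLastSet -lt $cutoff
    } |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires

# PasswordNeverExpires = True means the maximum age below will not be enforced
# for that account until the flag is cleared.
$stale | Sort-Object PasswordLastSet | Format-Table -AutoSize

# 2. Policy: create the fine-grained password policy once, then link it to the group.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$PsoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $PsoName -Precedence 10 `
        -MaxPasswordAge (New-TimeSpan -Days $MaxAgeDays) `
        -MinPasswordAge (New-TimeSpan -Days $MinAgeDays)
}
Add-ADFineGrainedPasswordPolicySubject -Identity $PsoName -Subjects $Group

# 3. Verify which policy actually applies to one of the flagged accounts.
if ($stale) {
    Get-ADUserResultantPasswordPolicy -Identity $stale[0].SamAccountName
}
```

Run the audit step on its own first; accounts it lists will be prompted to change their password at next logon once the maximum age takes effect.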
Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903
NCSC - Password administration for system owners
NIST - Digital Identity Guidelines Authentication and Lifecycle Management