Ask a user to change password (not mandatory action but desirable)

1. Should users be forced to change passwords?
2. How do I force a user to change password?
3. When should a user consider changing their password?
4. What are 3 things you should avoid when creating passwords?

Should users be forced to change passwords?

To protect enterprise assets and users, many security best practices advise periodic password changes. However, this age-old “conventional wisdom” is not recommended by the National Institute of Standards and Technology (NIST).

How do I force a user to change password?

Start Active Directory Users and Computers. Right-click the name of the user whose password you want to change, and then click Properties. Account Options area, click to select the User must change password at next logon check box. OK.

When should a user consider changing their password?

pim recommends changing passwords every 90 days (about 3 months). According to Thytoctic, 80% of all cyber security attacks involve a weak or stolen password. Changing your password quarterly reduces your risk of exposure and avoids a number of IT Security dangers. Unfortunately, passwords are often neglected.

What are 3 things you should avoid when creating passwords?

DON'T use blank spaces in your password. DON'T use a word contained in English or foreign language dictionaries, spelling lists or commonly digitized texts such as the Bible or an encyclopedia. DON'T use an alphabet sequence (lmnopqrst), a number sequence (12345678) or a keyboard sequence (qwertyuop).