[THEME] Strong Passwords
The Strong Passwords theme ensures that password policies in your Microsoft 365 environment are configured according to the latest security best practices.
What does Attic do?
Attic verifies that password settings follow modern security guidelines, which have shifted away from frequent password changes toward stronger, more stable passwords.
The checks in this theme cover:
- Password expiration is disabled (in line with NIST and Microsoft recommendations)
- Self-service password reset is enabled for users
- Azure AD Password Protection is enabled to block commonly used and weak passwords
Why is this important?
Modern security research shows that forcing frequent password changes leads to weaker passwords. Instead, passwords should be strong, unique, and not expire unless compromised. Combined with MFA and password protection against known weak passwords, this approach provides significantly better security than traditional password rotation policies.
Checks in this theme
| ID | Check |
|---|---|
| CHK-1331 | Automatic password expiry |
| CHK-1333 | Self-service password reset |
| CHK-1147 | Custom banned password list |
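
The following is an added example, not Attic's own implementation: a sketch of how the password expiry and custom banned password list checks could be evaluated from Microsoft Graph output. It assumes the response shapes of the Graph `domains` and `groupSettings` resources. The sample data is constructed, the function names are hypothetical, and self-service password reset is not covered.

```python
NEVER_EXPIRES = 2147483647  # Graph value meaning "passwords never expire"

# Constructed sample shaped like the Graph "domains" collection (assumption).
SAMPLE_DOMAINS = [
    {"id": "contoso.example", "isVerified": True, "authenticationType": "Managed",
     "passwordValidityPeriodInDays": 2147483647},
    {"id": "legacy.contoso.example", "isVerified": True, "authenticationType": "Managed",
     "passwordValidityPeriodInDays": 90},
    {"id": "unset.contoso.example", "isVerified": True, "authenticationType": "Managed",
     "passwordValidityPeriodInDays": None},
    {"id": "adfs.contoso.example", "isVerified": True, "authenticationType": "Federated",
     "passwordValidityPeriodInDays": None},
]

# Constructed sample shaped like the Graph "groupSettings" collection (assumption).
SAMPLE_SETTINGS = [
    {"displayName": "Password Rule Settings", "values": [
        {"name": "EnableBannedPasswordCheck", "value": "True"},
        {"name": "BannedPasswordList", "value": "contoso\tattic\theadoffice"},
    ]},
]

def domains_with_expiry(domains):
    """Return {domain: days} for verified managed domains whose passwords may expire."""
    findings = {}
    for d in domains:
        # Federated domains delegate password policy to the identity provider.
        if not d.get("isVerified") or d.get("authenticationType") != "Managed":
            continue
        days = d.get("passwordValidityPeriodInDays")
        # None means the property is unset and a default applies: flag for review.
        if days != NEVER_EXPIRES:
            findings[d["id"]] = days
    return findings

def custom_banned_list(settings):
    """Return (enabled, entries) from the 'Password Rule Settings' directory setting."""
    for s in settings:
        if s.get("displayName") != "Password Rule Settings":
            continue
        values = {v["name"]: v["value"] for v in s.get("values", [])}
        enabled = str(values.get("EnableBannedPasswordCheck", "")).lower() == "true"
        # The custom list is stored as one tab-separated string.
        entries = [e for e in values.get("BannedPasswordList", "").split("\t") if e.strip()]
        return enabled, entries
    return False, []  # setting object absent: no custom list configured

if __name__ == "__main__":
    print(domains_with_expiry(SAMPLE_DOMAINS))
    print(custom_banned_list(SAMPLE_SETTINGS))
```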