Microsoft knows password-expiration policies are useless

Microsoft admitted today that password-expiration policies are a pointless security measure. Such requirements are "an ancient and obsolete mitigation of very low value," the company wrote in a blog post on draft security baseline settings for Window...