Hello @Andrea Vironda ,
Thank you for posting here.
Here are the answers for your reference.
- We're only a few people, is it necessary to change them? What's the best practice?
A1: If these passwords meet best practice or are strong passwords (which have at least eight characters and include a combination of letters, numbers, and symbols), we can keep them.
Here is the best practice for password policy:
Enforce password history: Set Enforce password history to 24.
Maximum password age: Set Maximum password age to a value between 30 and 90 days, depending on your environment.
Minimum password age: Windows security baselines recommend setting Minimum password age to one day.
Minimum password length: Set Minimum password length to at least a value of 8.
Password must meet complexity requirements: Set Passwords must meet complexity requirements to Enabled.
Store passwords using reversible encryption: Set the value for Store password using reversible encryption to Disabled.
- How long does a password last? It seems now it's 1 month, but it's too few.
A2: See A1, or I suggest we set it to 3 to 6 months (maybe one year, depending on your environment).
Hope the information above is helpful.
Should you have any questions or concerns, please feel free to let us know.
If the Answer is helpful, please click "Accept Answer" and upvote it.
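
The six settings listed in A1 can be checked against a policy object in one pass. The script below is an added example, not part of the original answer: `Test-PasswordPolicy` is a hypothetical helper name, the sample policy values are constructed, and the property names assume the object returned by `Get-ADDefaultDomainPasswordPolicy` in an Active Directory domain.

```powershell
# Added example. Test-PasswordPolicy is a hypothetical helper name, not a built-in cmdlet.
# It accepts any object exposing the property names used by the ActiveDirectory
# module's Get-ADDefaultDomainPasswordPolicy output (assumed environment).
function Test-PasswordPolicy {
    param([Parameter(Mandatory)] $Policy)

    # One entry per setting listed in the answer. Ok receives the current value as $args[0].
    $checks = @(
        @{ Name = 'PasswordHistoryCount';        Expected = '24';            Ok = { $args[0] -eq 24 } }
        # A MaxPasswordAge of 0 (password never expires) falls outside the range and fails.
        @{ Name = 'MaxPasswordAge';              Expected = '30 to 90 days'; Ok = { $args[0].TotalDays -ge 30 -and $args[0].TotalDays -le 90 } }
        # Minimum age is treated as a floor here (assumption): one day or more passes.
        @{ Name = 'MinPasswordAge';              Expected = '1 day';         Ok = { $args[0].TotalDays -ge 1 } }
        @{ Name = 'MinPasswordLength';           Expected = 'at least 8';    Ok = { $args[0] -ge 8 } }
        @{ Name = 'ComplexityEnabled';           Expected = 'Enabled';       Ok = { $args[0] -eq $true } }
        @{ Name = 'ReversibleEncryptionEnabled'; Expected = 'Disabled';      Ok = { $args[0] -eq $false } }
    )

    foreach ($check in $checks) {
        $current = $Policy.($check.Name)
        [pscustomobject]@{
            Setting   = $check.Name
            Current   = $current
            Expected  = $check.Expected
            Compliant = [bool](& $check.Ok $current)
        }
    }
}

# Constructed sample policy (not real data): 30-day maximum age, no minimum age,
# and a 7-character minimum length, so two of the six checks should fail.
$sample = [pscustomobject]@{
    PasswordHistoryCount        = 24
    MaxPasswordAge              = [TimeSpan]::FromDays(30)
    MinPasswordAge              = [TimeSpan]::FromDays(0)
    MinPasswordLength           = 7
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
}
Test-PasswordPolicy -Policy $sample | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy) | Format-Table -AutoSize
```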