To improve security we would liket to force password change every 3 months. Or to extract last password update to create notification to change password.
Hi there! Just wanted to share this article from Microsoft security on best practices for admins on passwords, which includes this section:
Password expiration requirements for users
Password expiration requirements do more harm than good, as they make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cybercriminals almost always use credentials as soon as they compromise them.
There is no way that I know of in monday.com to force password changes to your users, however you can do the following in the Administration → Security section to improve your monday.com security:
- In the Login tab, you can add two-factor authentication
- In the Advanced tab, you can force logouts for your users after a period of inactivity, and you set a session expiration duration where every set time period, they get automatically logged out and have to log in again (for example, users get automatically logged out after 30 days and have to log in again).
Microsoft is correct, as stated in SP 800-63-4 forced password changes based on time intervals is not beneficial for an increased security.