diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
index f54986956f..2bfe923e1c 100644
--- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
+++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
@@ -265,7 +265,7 @@ The account options on a user account includes an option -- **Smart card is requ
 **SCRIL setting for a user on Active Directory Users and Computers.**
 
 When you configure a user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level do not expire. The users are effectively passwordless because:
-- the do not know their password.
+- they do not know their password.
 - their password is 128 random bits of data and is likely to include non-typable characters.
 - the user is not asked to change their password
 - domain controllers do not allow passwords for interactive authentication