Useless to have password expiration policies, says Microsoft
27 April, 2019
The annoying reminders by the IT team to change your system password are pointless, after all. Tech giant Microsoft has admitted that periodic password expiration rules are not required and make systems more vulnerable to hacking.
In its draft release of security configuration baseline settings for Windows 10, Microsoft proposed dropping the password expiration policies. When people are forced to reset their passwords, they often write them down where others can see them, or make an obvious alteration to the existing password, making the passwords easier to steal or detect.
Microsoft explained that removing password expiration policies does not mean changing requirements for minimum password length, history, or complexity. It is instead recommended that companies promote good password practice, and use multi-factor authentication.