Microsoft Admits The Archaic Password Expiration Policies Are Pointless
The company is proposing to drop the password expiration policy for Windows 10 v1903 and Windows Server v1903.
How many times have you logged into your Microsoft Exchange or Microsoft Office 365 account only to see a message that warns you about the impending password expiry for the account, and urging you to change it? As it turns out, Microsoft has admitted that these policies are pretty much “an ancient and obsolete mitigation of very low value”. In an official post detailing the draft security baseline for Windows 10 v1903 and Windows Server v1903, the tech giant makes its views very clear—expiring passwords are no good.
There really are no scenarios in which an expiring password does absolutely any good. If the password for your online account isn’t stolen or compromised, it doesn’t need to be changed. If it is stolen or compromised, it needs to be changed immediately and you shouldn’t wait for the actual password expiration date to loom large before you do the needful.
Then there is another problem—the human memory. “When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords. When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use,” says Microsoft.
Microsoft is proposing to drop the password expiration policy for Windows 10 v1903 and Windows Server v1903, but insists that users keep using strong passwords and any available additional protections to keep their data safe.
Recommended For You
- Sunny Deol Didn't Speak to Shah Rukh Khan for 16 Years After He Played a Glorified Villain in Darr
- Pakistan Fans Trashing Their Own Team After India’s World Cup Victory is Pure Gold
- Nach Baliye 9: Urvashi Dholakia Confirms Participating With Ex-boyfriend Anuj Sachdeva
- Elon Musk Tweets That He 'Deleted Twitter Account', is Now 'Daddy DotCom'
- NASA Just Found Stark Trek's 'Starfleet' Insignia On Surface of Mars
- 01 d
- 12 h
- 38 m
- 09 s