Useless to have password expiration policies, says Microsoft

Microsoft explained that removing password expiration policies doesn’t mean changing requirements for minimum password length.

Update: 2019-04-27 04:45 GMT

The annoying reminders by the IT team to change your system password are pointless, after all. Tech giant Microsoft has admitted that periodic password expiration rules are not required and make systems more vulnerable to hacking.

In its draft release of security configuration baseline settings for Windows 10, Microsoft proposed dropping the password expiration policies. When people are forced to reset their passwords, they often write them down where others can see them, or make an obvious alteration to the existing password, making it easier to steal or detect.

Microsoft explained that removing password expiration policies does not mean changing requirements for minimum password length, history, or complexity. Instead, it is recommended that companies promote good password practices and use multi-factor authentication.
