Password1, Password2, Password3 No More: Microsoft Drops Password Expiration Rec

from ars technica

For many years, Microsoft has published a security baseline configuration: a set of system policies that are a reasonable default for a typical organization. This configuration may be sufficient for some companies, and it represents a good starting point for those corporations that need something stricter. While most of the settings have been unproblematic, one particular decision has long drawn the ire of end-users and helpdesks alike: a 60-day password expiration policy that forces a password change every two months. That reality is no longer: the latest draft for the baseline configuration for Windows 10 version 1903 and Windows Server version 1903 drops this tedious requirement.

The rationale for the previous policy is that it limits the impact a stolen password can have—a stolen password will automatically become invalid after, at most, 60 days. In reality, however, password expiration tends to make systems less safe, not more, because computer users don’t like picking or remembering new passwords. Instead, they’ll do something like pick a simple password and then increment a number on the end of the password, making it easy to “generate” a new password whenever they’re forced to.

More here.
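The increment pattern the article describes (Password1, Password2, Password3) cannot be stopped by a rotation interval, but it can be rejected at change time by comparing the candidate against the passwords it replaces. The following is an added example of such a check, not code from the Ars Technica article or from Microsoft's baseline; the function names, the stem heuristic and the 0.8 similarity threshold are assumptions of this example.

```python
import re
from difflib import SequenceMatcher
from typing import List, Tuple

# Runs of digits/symbols at either end of a password: "1", "2019!", "!!3" (the rotating counter)
_EDGE = re.compile(r"^[\d\W_]+|[\d\W_]+$")

def stem(password: str) -> str:
    """Lower-cased core of a password with leading/trailing digits and symbols removed."""
    return _EDGE.sub("", password).lower()

def is_trivial_variant(old: str, new: str, min_ratio: float = 0.8) -> bool:
    """True when `new` is a predictable rewrite of `old`: the same stem with a
    different counter or suffix, or a string that is simply too similar overall."""
    if old.lower() == new.lower():
        return True
    old_stem, new_stem = stem(old), stem(new)
    # Password1 -> Password2, Summer2018! -> summer2019!!, Password1 -> 1Password
    if old_stem and old_stem == new_stem:
        return True
    # The old stem kept whole inside a longer password (Password1 -> MyPassword2)
    if len(old_stem) >= 4 and old_stem in new.lower():
        return True
    # Small edits anywhere (Password1 -> Passwerd1): similarity ratio over the whole string
    return SequenceMatcher(None, old.lower(), new.lower()).ratio() >= min_ratio

def check_change(history: List[str], candidate: str) -> Tuple[bool, str]:
    """Policy hook: compare the candidate against every previously used password,
    not only the latest one, so cycling through two or three favourites is caught too."""
    for prev in history:
        if is_trivial_variant(prev, candidate):
            return False, "too similar to a previously used password"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample history for demonstration (not taken from the article)
    history = ["Password1", "Password2"]
    for cand in ["Password3", "1Password", "correct horse battery staple"]:
        print(cand, "->", check_change(history, cand))
```

The similarity check is deliberately conservative: it blocks rewrites a user would pick to satisfy a forced change, which is exactly the behaviour the article says expiration encourages, and leaves genuinely new passphrases alone.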


One Response to Password1, Password2, Password3 No More: Microsoft Drops Password Expiration Rec

  1. Alexander Dornbierer May 2, 2019 at 2:49 pm #

    This school year at school, the email that I most dreaded was the email from the service desk discussing my PirateNet password. Attention, your PirateNet password will expire in 14 days, 13 days, 12 days, and counting down until you finally change it. The PirateNet password is your Wi-Fi password, computer password, and how to sign into many of the excellent web services the university offers to us. The article discusses how Microsoft is dropping the requirement of changing your password every 60 days to protect your password from being stolen, and if it was, the thief would lose access to the account due to the password changing. That system worked in the early conception of the Microsoft services because tracking passwords was slow, and people weren’t sitting in their parents’ basements hacking into everything. But today, the changing password requirement is more of a hindrance than an advantage. Nowadays, people will just use a singular word with a different pattern of numbers. This is actually easier to hack into or break into than a complex password that people choose when they don’t have to constantly change their password. By allowing and promoting users to use more complex passwords, sites would actually be providing their consumers with a more secure network and website. Back in high school my computer teacher brought the entire school into the auditorium and discussed the importance of password security. He gave us tips on how to create a successful and secure password for all websites. Coming up with a special algorithm for the different websites is what you need to do. Keep a phrase but use a special algorithm to decide the first five letters and digits as well as the last five digits and letters. Password security is important in network and financial security. A hacker could find the password to your bank accounts and make major financial transactions, or hack into your Microsoft account and make major purchases, delete important files, and/or view personal files.
