Microsoft Drops Password Expiration Policies

Forum Moderators: open

Message Too Old, No Replies

Microsoft Drops Password Expiration Policies

Windows 10 v1809 and Windows Server 2019 baselines

engine

11:30 am on Apr 26, 2019 (gmt 0)

Microsoft has said it's dropping password expiration policies for Windows 10 v1809 and Windows Server 2019 baselines.

It said the requirement of a 60-day password renewal may have resulted in users getting frustrated and ending up choosing weaker passwords.

Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value. By removing it from our baseline rather than recommending a particular value or no expiration, organizations can choose whatever best suits their perceived needs without contradicting our guidance. At the same time, we must reiterate that we strongly recommend additional protections even though they cannot be expressed in our baselines.

[blogs.technet.microsoft.com...]

tangor

8:00 am on Apr 28, 2019 (gmt 0)

System: The following 2 messages were spliced on to this thread from: https://www.webmasterworld.com/microsoft_windows_os/4943857.htm [webmasterworld.com] by bill - 9:38 am on May 13, 2019 (jst +9)

Finally, some password sense

But the most welcome Windows change is likely to be abandoning periodic password resets, a requirement that annoys just about everyone. To explain its shift, Microsoft cites recent research that casts doubt on the efficacy of password expiration policies.

[theregister.co.uk...]

Commonsense coming back in vogue?

IanCP

8:54 am on Apr 28, 2019 (gmt 0)

Compulsory password change is a monster pain. Fine if you have four log-ins.

Try hundreds.