The Microsoft baseline had prompted users to change their passwords every 60 days, down from the original 90 days, and Margosis wondered whether that time interval made sense.

“We are talking here only about removing password-expiration policies – we are not proposing changing requirements for minimum password length, history, or complexity,” wrote Aaron Margosis, a principal consultant with Microsoft Public Sector Services.

Microsoft is finally telling Windows administrators there are better ways to protect systems and networks than forcing users to pick new passwords every few weeks or months. Microsoft dropped the password-expiration policy in the latest draft version of the security configuration baseline settings for Windows 10 (v1903) and Windows Server (v1903), calling the practice “an ancient and obsolete mitigation of very low value.” According to the draft document, Microsoft will no longer recommend that accounts controlled by the network’s group policy be required to change their passwords periodically.

Users who hate having to change their Windows passwords every 60 days can rejoice: Microsoft now agrees that there is no point to forced password changes and will be removing that advice from its security recommendations.