Microsoft planning to let go off Password Expiration Policies

Must Read

Jharkhand polls for 81 constituencies from November 30 to December 20; counting on 23rd December

Addressing a press meeting today, Chief Election Commissioner Sunil Arora has announced the poll dates for Jharkhand Legislative assembly....

Congress forms six-member committee of AICC to review situation of NRC in Assam

In a bid to review the condition of Assam state after the implementation of the NRC exercise, Congress party...

Shiv Sena elects Eknath Shinde as party’s legislative leader; Sunil Prabhu appointed as chief whip of party

In a striking breakthrough, Shiv Sena elected senior minister Eknath Shinde as the party's legislative leader today. It has...
Saurabh Joshi
Hey Guys!!! I am a regular Content Writer here and I bring to you the latest and the hottest Tech related news and blogs. I hope you enjoy reading my content and are learning something new everyday. Thanks and have a nice day!!!

Microsoft admits that password expiration policies are a pointless security measure. The company has published an explanation of the draft release of its security configuration baseline settings for Windows 10 1903 and Windows Server 1903. This document sets guidelines for Group Policy baseline settings, and with this latest draft, there are some significant changes. Among the most noteworthy is a change to no longer set password expiration policies that require “periodic password changes,” a long-standing baseline that Microsoft says has become “an ancient and obsolete mitigation of very low value.”

The blog post goes on to explain as to why Microsoft is dropping the password expiration policy, noting first that “we are not proposing changing requirements for minimum password length, history, or complexity:”

“Periodic password expiration is a defense only against the probability that a password (or hash) will be stolen during its validity interval and will be used by an unauthorized entity. If a password is never stolen, there’s no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem.”

In addition to the news about password expiration, default disabling of built-in Guest and Administrator accounts are also being discussed for elimination.

Note that removing these settings from the baseline would not mean that we recommend that these accounts be enabled, nor would removing these settings mean that the accounts will be enabled. Removing the settings from the baselines would simply mean that administrators could now choose to enable these accounts as needed.

Microsoft is proposing to drop the password expiration policy for Windows 10 version 1903 and Windows Server version1903 but also insists that users should keep using strong passwords and any available additional protections in order to keep their data safe.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

Average milk production per cow in India up 35%: Govt

New Delhi, Nov 22 (IANS) The average milk production per cow in the country went up by 35 per...

D/N Test: B’desh name Mehidy, Taijul concussion substitutes (Lead)

Kolkata, Nov 22 (IANS) Bangladesh's Mehidy Hasan and Taijul Islam were named concussion substitutes for Liton Das and Nayeem Hasan respectively after both batsmen...

Lived in thatch hut to catch director’s eye: Adil Hussain

Panaji, Nov 22 (IANS) To catch the attention of a film director and snatch his first big break, critically acclaimed actor Adil Hussain even...

Telegram founder Durov asks people to delete WhatsApp

San Francisco, Nov 22 (IANS) Telegram founder Parel Durov, in his post on the platform, has urged people to delete WhatsApp unless they are...

Doctor saves man’s life by sucking urine out from his bladder

New York, Nov 22 (IANS) A doctor has been hailed for saving an elderly man's's life by sucking urine from his bladder during mid-flight.When...
- Advertisement -

More Articles Like This