06/04/2019

Microsoft's Password Expiration Is Dead

Long live your passwords

May was a momentous month, which marked a victory for sanity and pragmatism over irrational paranoia. I’m obviously not talking about politics.

I’m talking about Microsoft finally — finally! but credit to them for doing this nonetheless! — removing the password expiration policies from their Windows 10 security baseline.

Many enterprise-scale organizations (including TechCrunch’s owner Verizon) require their users to change their passwords regularly. This is a spectacularly counterproductive policy. To quote Microsoft, "Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives … If a password is never stolen, there’s no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem."

Please select this link to read the complete article from TechCrunch.