Microsoft Password Expiration Policy ‘Obsolete,’ Could Be Scrapped In Future Update
After researching about the matter, Microsoft has announced plans to do away with a security feature that can be considered “obsolete.”
In a blog entry, tech company Microsoft has announced that it is removing its existing password expiration policies because these are now obsolete and are of very little value in keeping Windows devices secure.These policies will be replaced by other security methods proven to be more effective.
Obsolete policies
Microsoft’s existing password expiration policies were meant to bolster security by setting validity intervals for every password users create. Once the validity interval lapses, the passwords are automatically disabled and users will be required to input a new password. Under these policies, passwords will expire every 42 days by default.
These policies were meant to protect users in the event that their passwords, or hashes, get stolen while still valid. Once the 42-day validity interval lapses, stolen passwords will be of no more use to those who stole them.
Those who believe or know that their passwords are stolen won’t be likely to wait 42 long days for the password to expire before attempting to change them. They are more likely to change it the very moment they discover that their password has been compromised, so they can regain security and keep their private information safe.
No need to expire passwords
These policies are of now use to certain users, Microsoft said. Users who are able to keep their passwords safe from phishing methods or other attempts to steal them, for example, do not need to expire their passwords. Forcing such users to change passwords from time to time only introduces them to problems, Microsoft said.
Users who tend to give their passwords away very easily also won’t benefit from such security protocols. These users, according to Microsoft, are “the kind who are willing to answer surveys in the parking lot that exchange a candy bar for their passwords.”
Suggestions for security
In lieu of these policies, Microsoft suggests different methods that are proven to keep users safe. These methods include “banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts.”
By removing the password expiration policies in future updates, organizations and users can choose the security method that best suits their needs.
© Copyright IBTimes 2024. All rights reserved.