
Windows wants to stop requirement that users change their password regularly


Microsoft has proposed ending a Windows policy that requires users to change their passwords periodically. In a statement posted on its official blog on Wednesday, the company said its new security configuration would no longer pressure users to change their passwords after a certain amount of time.

For the company, the existing policy is an “old, obsolete and very low value” mitigation, and the company does not “think it’s worth it” to keep it any longer. “If a password is ever stolen, there is no need to expire it. And if you have proof that a password has been stolen, you would presumably act immediately, instead of waiting for the expiration [of the access credential] to correct the problem,” said Microsoft consultant Aaron Margosis.

He also raised questions about the effectiveness of Microsoft’s current policy: “If a password is likely to be stolen, how many days is an acceptable time to continue allowing the thief to use that stolen password? Windows default is 42 days. Does this not seem like a ridiculously long time?”

In other words, Microsoft wants to emphasize strong, long, and unique passwords and stop forcing users to change them regularly without need, as happens today. And it is not alone in that belief: former Federal Trade Commission chief technology officer Lorrie Cranor said in a 2016 post that forcing users to change their passwords from time to time may result in weaker passwords.

“The researchers also point out that an attacker who already knows a user’s password is not likely to be prevented by a password change,” Cranor wrote. “Once an attacker knows a password, they often can guess the user’s next password quite easily,” she added.

Shortly thereafter, the National Institute of Standards and Technology (NIST), which advises the US government on cybersecurity practices and policies, revised its own advice to remove policies that require periodic password changes. Bill Burr, the retired NIST manager who developed a policy of recommending password expiration in 2003, lamented the idea in a 2017 interview, saying the rule “really had a negative impact on usability.”
