Thinking of a secure password is hard, so demanding a user change it every 60 days fills many with dread and leads to weaker security. Microsoft has realized this and decided to remove default password expiry as a security baseline feature in Windows 10.
When organizations deploy Windows 10 to tens, hundreds, or even thousands of employees, default security out of the box is very important. That's why Microsoft provides Windows security baselines, which consist of a group of Microsoft-recommended configuration settings that can be relied upon to provide a more secure operating system.
As part of the baseline, Microsoft in the past stipulated a 60-day password expiration policy, which meant every user was forced to change their password every couple of months (unless an organization changed the configuration). As Ars Technica reports, with the release of Windows 10 v1903, password expiration is being dropped from the baseline because it's actually detrimental to security.
Microsoft explains in its latest draft security baseline for Windows that, "When humans are forced to change their passwords, too often they'll make a small and predictable alteration to their existing passwords, and/or forget their new passwords ... Periodic password expiration is a defense only against the probability that a password (or hash) will be stolen during its validity interval and will be used by an unauthorized entity. If a password is never stolen, there's no need to expire it."
Microsoft also points out that if a password is stolen, the thief has up to 60 days to use it based on this expiration policy, which is ample time to gain entry to a system and cause chaos. So on every level, password expiration simply doesn't work, which is why it's disappearing.
Passwords still need to meet a minimum length requirement, be complex enough so as not to be easily guessed, not have been used before, and be stored securely. It may still be the case that individual organizations enforce their own expiration policy, but it seems likely the demand for a new password every few months will impact far fewer workers going forward, and that's a good thing for both their sanity and security.