Latest in Gear

Image credit: SOPA Images via Getty Images

Microsoft knows password-expiration policies are useless

But it isn’t doing away with them across the board, yet.
2753 Shares
Share
Tweet
Share
Save

Sponsored Links

SOPA Images via Getty Images

Microsoft admitted today that password-expiration policies are a pointless security measure. Such requirements are "an ancient and obsolete mitigation of very low value," the company wrote in a blog post on draft security baseline settings for Windows 10 v1903 and Windows Server v1903. Microsoft isn't doing away with its password-expiration policies across the board, but the blog post makes the company's stance clear: expiring passwords does little good.

As the blog post explains, if a password is never stolen, there's no need to expire it. And if a password is suspected to be stolen, you would want to act immediately, not wait until the expiration date. Forced updates also lead to more users writing their passwords down or forgetting them altogether. Plus, as Microsoft puts it, "if your users are the kind who are willing to answer surveys in the parking lot that exchange a candy bar for their passwords, no password expiration policy will help you."

The company admits that the state of password security is problematic, but it says multi-factor authentication and banned-password lists are more effective security measures. Microsoft is proposing to drop password-expiration policies from its security baseline for Windows 10 v1903 and Windows Server v1903, but that will impact a relatively small subset of users. The company doesn't plan to change requirements for minimum password length, history or complexity. And while it can't include multi-factor authentication or banned-password lists in the security baseline, the blog post "strongly recommends" users seek additional protections. So, you can keep updating your passwords if you'd like, but even Microsoft will tell you that's not going to keep you safe.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
2753 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
B&H sale cuts up to $350 off Apple's 2019 iMacs

B&H sale cuts up to $350 off Apple's 2019 iMacs

View
NVIDIA's latest GPU drivers pack a speed boost for 'Apex Legends'

NVIDIA's latest GPU drivers pack a speed boost for 'Apex Legends'

View
The latest 'Fortnite' weapon lets you drop heavy stuff on opponents’ heads

The latest 'Fortnite' weapon lets you drop heavy stuff on opponents’ heads

View
ThinkPad X1 Carbon review (2019): Sometimes it’s good to be boring

ThinkPad X1 Carbon review (2019): Sometimes it’s good to be boring

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr