科技创新!
Microsoft realizes password expiration is poor security
Thinking of a secure password is hard, so demanding a user change it every 60 days fills many with dread and leads to weaker security. Microsoft has realized this and decided to remove default password expiry as a security baseline feature in Windows 10.
When organizations deploy Windows 10 to tens, hundreds, or even thousands of employees, default security out the box is very important. That's why Microsoft provides Windows security baselines, which consist of a group of Microsoft-recommended configuration settings that can be relied upon to provide a more secure operating system.
As part of the baseline, Microsoft in the past stipulated a 60-day password expiration policy, which meant every user was forced to change their password every couple of months (unless an organization changed the configuration). As Ars Technica reports, with the release of Windows 10 v1903, password expiration is being dropped from the baseline because it's actually detrimental to security.
Microsoft explains in its latest draft security baseline for Windows that, "When humans are forced to change their passwords, too often they'll make a small and predictable alteration to their existing passwords, and/or forget their new passwords ... Periodic password expiration is a defense only against the probability that a password (or hash) will be stolen during its validity interval and will be used by an unauthorized entity. If a password is never stolen, there's no need to expire it."
Microsoft also points out that if a password is stolen, the thief has up to 60 days to use it based on this expiration policy, which is ample time to gain entry to a system and cause chaos. So on every level, password expiration simply doesn't work, which is why it's disappearing.
Passwords still need to meet a minimum length requirement, be complex enough so as not to be easily guessed, not have been used before, and stored securely. It may still be the case that individual organizations enforce their own expiration policy, but it seems likely the demand for a new password every few months will impact far fewer workers going forward, and that's a good thing for both their sanity and security.
Featured Video For You
How to plan for your digital death — Clarification Please
友链
外链
互链
Copyright © 2023 Powered by
Microsoft realizes password expiration is poor security-拍板定案网
sitemap
文章
7
浏览
8148
获赞
437
热门推荐
It took a coronavirus outbreak for self
Suddenly, a future full of self-driving cars isn't just a sci-fi pipe dream. What used to be consideSlack is banning some users who have visited Iran and other countries
If you’ve ever visited Iran, Cuba, North Korea, Syria, or the Crimea region, you should probabApple replaced 11 million iPhone batteries in 2018
The future of Apple is uncertain now that iPhone sales are flat, and it's not clear what the companyTape emerges of Shia LaBeouf making racist comments towards police
Shia LaBeouf has apologized after footage leaked showing the actor making racist comments towards poTwitter tests asking iOS users to cut it out with all the bad language
Twitter is pretty sure you could all be a littler nicer. The social media company that's practicallyGuy carrying a peacock on the subway and no one paying attention is peak NYC
New York City residents are used to seeing strange things on the subway -- dogs in suitcases, impromWatch a bunch of jewelry robbers fail miserably
A jewelry store in Malaysia shared security footage of a smash and grab gone wrong, and the internetHTC's new Vive Pro Eye headset features built
HTC's best VR headset just got a lot more exciting.The company unveiled a new Vive Pro Eye headset,Someone is trolling a senator with mean fortune cookies
Back in my day, people sent hate mail to their representatives the good old fashioned way -- with leA few ways Trump has been 'acting sharper' in meetings
Ever since Trump fired Anthony Scaramucci and installed John Kelly as the new chief of staff, he hasNow you can pre
It's a hog on a diet.Harley-Davidson announced Monday at CES that its all-electric motorcycle, the LGuy carrying a peacock on the subway and no one paying attention is peak NYC
New York City residents are used to seeing strange things on the subway -- dogs in suitcases, impromInstagram's 'Hashtag Mindfulness' boom: The good, the bad, and the ugly
March Mindfulness is our new series that examines the explosive growth in mindfulness and meditationGoogle's futuristic gesture
There's still hope for Google's gesture-sensing radar tech, Project Soli.The project, which Google fEd Sheeran cracks down on ticket scalpers to save his fans money
Ed Sheeran may have found a way to redeem himself for his dud of a cameo in this week's Game of Thro