sincity Posted April 26, 2019

Alongside the draft release of the configuration baseline settings for Windows 10 v1903 and Windows Server v1903, Microsoft has revealed its plan to do away with password expiration policies beginning with the Windows 10 May update.

Once these policies are removed, organizations should replace them with modern and improved password-security practices such as multi-factor authentication, detection of attacks aimed at guessing passwords, detection of anomalous logon attempts and the enforcement of banned password lists.

Microsoft offered further insight on these recommendations, saying: “While we recommend these alternatives, they cannot be expressed or enforced with our recommended security configuration baselines, which are built on Windows’ built-in Group Policy settings and cannot include customer-specific values.”

According to the company's principal consultant Aaron Margosis, the password expiration mechanism is a flawed defense method because once a password is stolen, mitigation measures should be taken immediately as opposed to when the password expires.

Password expiry policies

Microsoft also made the point that its soon-to-be-removed password expiration policies are only a defense against the probability that a password will be stolen while it's still valid and used by an unauthorized entity.

Essentially, the company is allowing organizations to choose the security measures that best suit their needs without contradicting its own guidance.

The recently published security baseline draft also proposes removing the enforcement of built-in administrator and guest accounts being disabled by default. Administrators would then be able to enable the two accounts when they need to, though the removal of the policy does not mean that these accounts will be enabled by default.

It's worth keeping in mind that this is just a draft release and things could change before it is finalized, though most experts agree that organizations have outgrown password expiration policies as a means of securing their accounts.

Via BleepingComputer