top of page
Search
Andy Levchuk

Microsoft: Forced Password Resets Do Not Help Security

Microsoft has acknowledged what most security researchers have known for a long time: the practice of forcing passwords to expire and requiring users to come up with new ones does not enhance security. In a blog post, Security baseline (DRAFT) for Windows 10 v1903 and Windows Server v1903, Microsoft’s Aaron Margosis writes that one of the baseline changes will be “dropping the password-expiration policies that require periodic password changes.” He goes on to say that while recent research indicates that enforcement of banned password lists and multi-factor authentication are better alternatives, “they cannot be expressed or enforced with our recommended security configuration baselines.”

4 views0 comments

Recent Posts

See All

Comentários


bottom of page