Andy Levchuk
- Apr 26, 2019
- 1 min read

Microsoft: Forced Password Resets Do Not Help Security

Microsoft has acknowledged what most security researchers have known for a long time: the practice of forcing passwords to expire and requiring users to come up with new ones does not enhance security. In a blog post, Security baseline (DRAFT) for Windows 10 v1903 and Windows Server v1903, Microsoft’s Aaron Margosis writes that one of the baseline changes will be “dropping the password-expiration policies that require periodic password changes.” He goes on to say that while recent research indicates that enforcement of banned password lists and multi-factor authentication are better alternatives, “they cannot be expressed or enforced with our recommended security configuration baselines.”

Recent Posts

See All

Court Orders Capital One to Release Mandiant Forensic Report on Data Breach

ZDNet reports that Magistrate Judge John Anderson from the US District Court for the Eastern District of Virginia ordered Capital One to turn over a copy of a forensic report prepared for Capital One

Zoom adds data center routing, security updates

ZDnet reports on updates to the Zoom video conference service that will address recently-reported security issues. https://www.zdnet.com/article/zoom-adds-data-center-routing-security-updates/

US and UK Issue Joint Advisory on COVID-19-Related Cyber Attacks

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre have issued a joint advisory warning of an increasing volume of cy