Microsoft updates Security Baseline: drops password expiration
#1
Quote:

Microsoft published a draft of the security baseline for Windows 10 version 1903, the May 2019 Update, and Windows Server 2019 (v1903).

While you can download the draft and go through it word by word, you may also head over to the Microsoft Security Guidance blog if you are just interested in the things that changed when compared to security baselines for previous versions of Windows.

The blog post highlights eight changes in particular, and at least one may make the life of computer users more convenient. Microsoft dropped password expiration policies that require frequent password changes from the security baselines for Windows 10 version 1903 and Windows Server 1903.

I worked in IT support for a large German financial organization more than 15 years ago. Security policies were set to very high standards and one of the most painful policies was the enforcement of regular password changes. I cannot remember the exact interval but it happened multiple times a year and rules dictated that you had to pick a secure password, could not re-use any of the parts of the existing password, and had to follow certain guidelines in regards to password selection.

This resulted in many support requests by employees who could not remember their passwords, and others writing their new passwords down because they could not remember them.

Microsoft explains the reason behind the dropping of the password expiration policies in the blog post. Microsoft mentions the same issues that I had when I worked in IT:

Quote: When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords.
#2
Maybe more convenient but less secure. It is important to frequently change passwords, and keeping the same password for too long is not a safe habit. Luckily, most modern services nowadays also offer 2-step verification login methods to keep logins safer.