Friday, November 1, 2024
HomeMicrosoftMicrosoft Decided to Shut Down The Password Expiration Policy for Windows -...

Microsoft Decided to Shut Down The Password Expiration Policy for Windows – It’s a Useless Policy

Published on

Malware protection

Microsoft released a new announcement that they are preparing to stop the Password expiration policies for Windows which required users to periodically change their password.

Password expiration policies are one of the windows Password security future that only prevent against the probability that a password (or hash) will be stolen.

If the password is never stolen then there is no need to expire the password and the user have evidence that the password is stolen then they immediately change their password.

- Advertisement - SIEM as a Service

Even if the password has a certain periodical expire date, (Windows default is 42 days) stolen password will be already misused by the attacker before it reaches the password expire date.

All these points were put into the place, Microsoft feels that there will be no password expiration policy will help you against the password attack.

A blog post published by Microsoft explained, “When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords. When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use. “

Currently, Microsoft enforced baseline says 60 days – and used to say 90 days because forcing frequent expiration introduces its own problems.

Other Best Options than Password Expiration Policies for Password security

In this case, Microsoft points out the recent scientific research that there is
long-standing password-security alternative practices such as enforcing banned-password lists (a great example being Azure AD password protection) and multi-factor authentication.

Organization have alot of option for password security including
banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts.

“if they haven’t implemented modern mitigations, how much protection will they really gain from password expiration?” Microsoft stats in the blog post.

Accorinding to Microsoft “we don’t believe it’s worthwhile for our baseline to enforce any specific value. By removing it from our baseline rather than recommending a particular value or no expiration, organizations can choose whatever best suits their perceived needs without contradicting our guidance.

By dropping the password expiration policies doesn’t propose to change the requirements for minimum password length, history, or complexity.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Most Hacked Passwords – Top 100,000 Common Passwords that Already Known to Hackers

USBStealer – Password Hacking Tool For Windows Applications to Perform Windows Penetration Testing

How to Hack WPA/WPA2 PSK Enabled WiFi Password in Your Network

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Microsoft Customers Facing 600 Million Cyber Attack Launched Every Day

Microsoft's customers are under constant cyber assault, facing millions of attacks daily from various...

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...