Thinking of a secure password is hard, so demanding a user change it every 60 days fills many with dread and leads to weaker security. Microsoft has realized this and decided to remove default password expiry as a security baseline feature in Windows 10.
When organizations deploy Windows 10 to tens, hundreds, or even thousands of employees, default security out of the box is very important. That's why Microsoft provides Windows security baselines, which consist of a group of Microsoft-recommended configuration settings that can be relied upon to provide a more secure operating system.
As part of the baseline, Microsoft in the past stipulated a 60-day password expiration policy, which meant every user was forced to change their password every couple of months (unless an organization changed the configuration). As Ars Technica reports, with the release of Windows 10 v1903, password expiration is being dropped from the baseline because it's actually detrimental to security.
Microsoft explains in its latest draft security baseline for Windows that, "When humans are forced to change their passwords, too often they'll make a small and predictable alteration to their existing passwords, and/or forget their new passwords ... Periodic password expiration is a defense only against the probability that a password (or hash) will be stolen during its validity interval and will be used by an unauthorized entity. If a password is never stolen, there's no need to expire it."
Microsoft also points out that if a password is stolen, the thief has up to 60 days to use it based on this expiration policy, which is ample time to gain entry to a system and cause chaos. So on every level, password expiration simply doesn't work, which is why it's disappearing.
Passwords still need to meet a minimum length requirement, be complex enough so as not to be easily guessed, not have been used before, and be stored securely. It may still be the case that individual organizations enforce their own expiration policy, but it seems likely the demand for a new password every few months will impact far fewer workers going forward, and that's a good thing for both their sanity and security.