Microsoft has admitted that one of the biggest scourges of our time, the password reset rule, is bunk.
"When people are assigned or forced to create passwords that are too difficult to remember, they are written down where others can see them," wrote Aaron Margosis of Microsoft in a blog post on Wednesday. Worse, Margosis wrote, when people are forced to change their password, they too often make a "small and predictable change to their existing password," or they just forget it. (Duh.)
The blog post introduces a broader set of baseline security settings that Microsoft is considering recommending to companies that use its computer management software. Think of it as a kind of standard.
Unfortunately, Microsoft is not simply pulling the password reset feature, which would be the humane thing to do. In the end, it's up to your company's technical team to listen to reason or keep living in the security Stone Age.
It's worth noting that Microsoft is not changing its recommendations for creating passwords. In fact, the company recommends that companies increasingly prohibit typical and force employees to use . (We at CNET are also fans of .)
But make no mistake: Microsoft, whose Windows software runs on nearly 80% of the world's computers, has finally seen the light. "The periodic expiration of passwords is an ancient and obsolete abatement of very low value," Margosis wrote.