قالب وردپرس درنا توس
Home / Technology / Microsoft admits that expiring password rules are useless

Microsoft admits that expiring password rules are useless



  newsroom-hero-image-password-security

Have you ever had to change your password for no reason?


Facebook

It used to be annoying. Well, it's useless.

Microsoft has admitted that one of the biggest scourges of our time, the password reset rule, is a bunk.

"When people are assigned or forced to create passwords that are too difficult to remember, they are written down to where others can see them," wrote Aaron Margosis of Microsoft in a blog post on Wednesday. Worse, Margosis wrote, when people are forced to change their password, they too often make a "small and predictable change to their existing password," or they just forget it. (Duh.)

The blog post introduces a broader set of baseline security settings that Microsoft is considering recommending to companies using their computer management software. Think of it as some kind of standard.

Unfortunately, Microsoft does not just pull the password reset feature, which would be a humane thing. In the end, it's up to your company's technical team to listen to reason or live in safety during the Stone Age.

It's worth noting that Microsoft does not change the recommendations for creating passwords. In fact, the company recommends that companies increasingly prohibit typical bad passwords and force employees to use multifactor authentication . (We at CNET are also fans of password managers .)

But do not make a mistake: Microsoft, whose Windows software controls nearly 80% of the world's computers, has finally seen the light. "The periodic expiration of passwords is an ancient and obsolete abatement of very low value," Margosis wrote.


Source link