Microsoft says mandatory password changing is “ancient and obsolete”

Via Ars Technica:

Microsoft said it was removing periodic password changes from the security baseline settings it recommends for customers and auditors. After decades of Microsoft recommending passwords be changed regularly, Microsoft employee Aaron Margosis said the requirement is an “ancient and obsolete mitigation of very low value.”

I use 1Password to reduce my own security risk by allowing it to automatically generate random passwords as required, but I’m not most people.

It’s good to see one of the industry giants admitting to the risks posed by security theatre and changing its best-practice recommendations for password management.

1 Comment

  1. I’ve used 1Password for several years. I use a different randomly generated complex password for every account. I don’t change them.

    I work as an information security architect. I’ve spent the last week sharing that Microsoft news with every IT person I know.


© 2019 Andrew Canion
