Microsoft no longer recommends using password expiration policies because they are virtually useless starting with Windows 10, version 1903, May 2019 Update.
Channel | Publish Date | Thumbnail & View Count | Actions |
---|---|---|---|
Pureinfotech | 2022-02-25 15:03:17 | 180,396 Views |
Windows 11: Remove login password
Although Microsoft has advised configuring password expiration policies as part of its security efforts in the past (a new draft security baseline for Windows Server and Windows 10 version 1903), the company says that forcing password changes is an "ancient and outdated workaround of very little value."
While this does not mean that Microsoft is abandoning its password expiration policies for all of its software and services, the new security fundamentals make it clear that security has changed over the years and password expiration is no longer a high priority.
In a new article on the Microsoft Security Guidance blog, the company explains that if a password is never compromised, there is no need to let it expire to force the user to change it. On the other hand, if a password is compromised, there is no point in waiting for it to expire because you will want to change the password immediately.