In Windows 10, Microsoft offers a password expiration feature that forces users to change their passwords periodically. In the next update of the system, the firm has decided to abandon this policy, which it now considers useless.
Regularly resetting passwords is one of the best practices often recommended for account security. Microsoft has always adhered to this principle, implementing it as an option that imposes periodic password renewal on PCs running Windows 10, as well as Windows 8.1, 7 and XP. This is the default on Enterprise editions and on Windows Server. Starting with the Windows 10 May 2019 Update, Microsoft has decided to do away with this policy.
Microsoft finally recognizes that password expiration is unnecessary
The Redmond firm justifies this change in its recommendations by noting that users who have to reset their passwords too often are forced to make “a small predictable change to their existing passwords”. Otherwise, they run the risk of forgetting them. On the other hand, “when they have to create passwords that are difficult to remember, they write them down where others can see them”, which poses obvious security risks. For Microsoft, changing a password is not necessary as long as the one in use has not been hacked.
The company also relies on recent scientific research that challenges many password security practices. The results of these studies point to the futility of provisions such as password expiration. Microsoft sides with the researchers and says there are better recommendations, such as banning the use of insecure passwords, meaning those that are regularly listed as too easy to guess.
Finally, such a change in policy on Microsoft's part is not really surprising, since the company already advocates abandoning passwords on Windows 10 in favor of biometric authentication methods (fingerprints, facial recognition, etc.).