Techrecipe

MS: “Periodic Windows password changes are not needed”

Microsoft has released a draft of the security standards for Windows version 1903 (19H1, the May 2019 Update) and Windows Server version 1903.

The eye-catching change is the removal of the password expiration policy, which is still in use today. Microsoft considers that a policy of forcing Windows passwords to be changed on a regular schedule is no longer useful.

Windows security standards are based on the opinions of Microsoft, partners, and experts. Security settings for PCs and similar systems depend on the environment in which they are used. For example, an e-commerce company needs to focus on online security, while in hospitals the protection of patients’ personal information is a top priority.

However, creating a policy from scratch costs a business or organization a lot of time and money. Microsoft therefore sets security standards based on partner, customer, and expert opinions. Password expiration is a mechanism meant to prevent fraudulent use and reduce the damage if a password is stolen. It was introduced on the idea that periodic changes provide some degree of defense after a period of time, even when a password has been stolen without the user knowing.

On the other hand, it has been pointed out that when passwords are not being stolen frequently, changing them often can itself be a security risk, because the passwords tend to follow patterns that are easy to guess or have to be written down somewhere.

That’s why Microsoft removed the password expiration policy from the updated security standards, calling it outdated. At the same time, although they are not being included in the standard right away, additional safeguards such as multi-factor authentication are strongly encouraged.

Although Microsoft no longer recommends it, version 1903 does not remove the ability to change passwords. Periodic changes can still be enforced by setting an expiration period. The security standards are only one reference point. What matters is the policy of the company or organization.

However, it is clear that Microsoft saying there is no need to change passwords periodically will not actually affect the security standards of PCs.