Byebye 60-day password expiration

by Volker Weber

For many years, Microsoft has published a security baseline configuration: a set of system policies that are a reasonable default for a typical organization. This configuration may be sufficient for some companies, and it represents a good starting point for those corporations that need something stricter. While most of the settings have been unproblematic, one particular decision has long drawn the ire of end-users and helpdesks alike: a 60-day password expiration policy that forces a password change every two months. That reality is no longer: the latest draft for the baseline configuration for Windows 10 version 1903 and Windows Server version 1903 drops this tedious requirement.

I wonder how many years it will take for Enterprise IT to catch up.


Comments

At least one can say: Shots fired.

Frank Quednau, 2019-04-25

60! ;-)

Markus Dierker, 2019-04-25

As long as the BSI in Germany does not change its opinion on this in the IT-Grundschutz, probably not that quickly.

Gerhard Heeke, 2019-04-25

BSI Grundschutz is one thing.
Many in IT no longer have the motivation to do anything new and prefer to hold on to old things - "the ones you know and have mastered".
As long as there are still Windows XP machines with TeamViewer behind firewalls and jump servers, running oh-so-important "business-critical applications", we will keep seeing passwords...
Plants from the 80s with DOS 6.22 - passwords.
The motivations and reasons for this are well known.
In the scenarios mentioned above, the BSI would run away.
That is unfortunately reality.
You find it everywhere.

Jürgen Sting, 2019-04-26

After they tried it here at a DAX 30 corporation with 35 days or so, it was changed to 90 days a few years ago. That was probably too annoying for the top managers. :)

Recently we finally switched some internal Windows (NT!) machines away from logging in with the password "admin"... When internal funders don't get a "pot" of money for upgrades, everything just takes a little longer.

Thomas Meyer, 2019-04-26

Advantage of the NT machine: it is now so old that the chances increase that malware can't do anything with it.....

Patrick Bohr, 2019-04-26

@Patrick: Reportedly, WannaCry only produced a BlueScreen on Windows XP SP1... :-)

Ragnar Schierholz, 2019-04-26

My employer (one of the biggest companies in this country) just changed the minimum password length to 15 and got rid of the expiration policy for our main accounts. Instead there is some routine running all the time which checks the passwords. If it can crack yours then you’ll be forced to change your password. This way only people with weak passwords will be bothered and will hopefully learn.

Now there is only one problem left: too many systems which do not use the main account.

Torsten Rausche, 2019-04-29

Argument against no expiration: users use their work password also on private accounts (like Spotify).

Problem with that: one of these private accounts lands on a password list and then the company account is easily hacked.

Or am I missing something here?

Matthias Welling, 2019-04-30
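The policy Torsten describes (a 15-character minimum, no expiry, and a routine that flags accounts whose password is known to be weak) and the reuse problem Matthias raises can be combined in one check. The following is an added Python example, not code from the post or from any commenter's employer: it rejects new passwords that are too short or whose SHA-1 digest appears in a constructed stand-in for a breach corpus, and audits stored account hashes against the same corpus (hash matching here instead of the cracking routine the comment mentions). All names, the sample leaked passwords and the sample accounts are assumptions made for the example.

```python
import hashlib

MIN_LENGTH = 15  # minimum length from the comment above


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of a password, the form breach corpora are usually published in."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus: a handful of "leaked" passwords stored only as digests.
LEAKED_SHA1 = {
    sha1_hex(p)
    for p in ("Sommer2019!", "correct horse battery staple", "Passwort123456789")
}


def check_password(candidate: str, leaked=LEAKED_SHA1, min_length=MIN_LENGTH) -> list:
    """Return the reasons a new password is rejected; an empty list means it is accepted."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    # Reuse on a breached private site shows up here even if the password is long.
    if sha1_hex(candidate) in leaked:
        reasons.append("appears in a known breach corpus")
    return reasons


def audit_accounts(accounts: dict, leaked=LEAKED_SHA1) -> list:
    """Names of accounts whose stored SHA-1 hash matches the breach corpus.

    This is the 'routine running all the time' from the comment: only these users
    are forced to change their password; everyone else is left alone.
    """
    return sorted(name for name, digest in accounts.items() if digest.upper() in leaked)


# Constructed sample directory: user -> stored SHA-1 digest of the current password.
SAMPLE_ACCOUNTS = {
    "alice": sha1_hex("Sommer2019!"),                    # reused / leaked
    "bob": sha1_hex("gnarled lantern refuses to sleep"),  # long and not in the corpus
}

if __name__ == "__main__":
    print(check_password("Sommer2019!"))
    print(audit_accounts(SAMPLE_ACCOUNTS))
```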

First: It is very unlikely that they use their company ID as their Spotify ID. But more importantly, passwords are unsafe, even if they are changed every 60 days. You need to do better.

Volker Weber, 2019-04-30
