[Info-vax] Enhanced Password Management
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri May 31 17:30:19 EDT 2019
On 2019-04-29 20:09:53 +0000, Stephen Hoffman said:
> On 2019-03-20 20:11:26 +0000, Stephen Hoffman said:
>
> Windows 10 is removing the password policies...
>
> https://www.scmagazine.com/home/security-news/microsoft-set-to-nix-password-expiration-policies-for-windows-10/
>
https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903/
"Dropping the password-expiration policies that require periodic
password changes."
...
"Why are we removing password-expiration policies? First, to try to
avoid inevitable misunderstandings, we are talking here only about
removing password-expiration policies – we are not proposing changing
requirements for minimum password length, history, or complexity.
Periodic password expiration is a defense only against the probability
that a password (or hash) will be stolen during its validity interval
and will be used by an unauthorized entity. If a password is never
stolen, there’s no need to expire it. And if you have evidence that a
password has been stolen, you would presumably act immediately rather
than wait for expiration to fix the problem."
Etc.
--
Pure Personal Opinion | HoffmanLabs LLC