Microsoft company in his blog that the basic security rules for Windows 10 and Windows Server that require regular password changes are essentially useless. The fact is that the system requires the creation of complex passwords, and it is problematic to remember them. Therefore, users often change or add one character, which simplifies the selection.
According to the company, scientific studies have shown that periodic and forced password changes are ineffective and only work against those who already know the user's key. Therefore, it is better to change the password not by a timer, but if necessary, without waiting for its expiration.
As an alternative, Redmond is talking about the enforcement of forbidden password lists (goodbye "qwerty" and "123456"), multi-factor authentication and biometric methods. At the same time, so far the above options are offered as an example, and not a clear guide to action.
The company said that "password expiration is an ancient and obsolete protection" and therefore it is not advisable to use it. Microsoft offers a more flexible strategy based on the specific requirements of companies, although it has not yet specified when the legacy mechanisms will be removed from the OS.
In general, the company is slowly getting rid of obsolete and unnecessary elements in the system, while only in the new one. Thus, in Redmond they follow their strategy of transferring the maximum number of users to the top ten. True, she still has problems. Recall that Windows 10 May 2019 Update has renaming disks, due to which the update to the latest version is blocked on a PC where there are connected external disks or SD memory cards.
Source: 3dnews.ru