Microsoft advises against letting passwords expire in Windows 10 – Update

Microsoft does not recommend the option to automatically expire passwords in Group Policy settings for Windows 10. According to Microsoft, it is an outdated method of security. The change is in the 2019H1 version of the operating system.

The settings to allow passwords to expire are therefore no longer part of the baseline for the upcoming release, Microsoft reports. This allows companies to disable the option without going against Microsoft’s advice.

The practice is outdated, because a malicious person can use a stolen password immediately, so the policy of a new password every two months does not protect against this. Admins can set a short term, but that means users have to change their password more often.

In addition, changing passwords frequently forces only minor changes to passwords, making them easy to guess. There are also people who physically write down their password and put it near their PC, making it not a safe method of security. In addition, users often forget about them, claims Microsoft.

The company emphasizes that the baseline of security measures in Windows 10 is a start, but not enough for a responsible security policy. The software company recommends that companies use other security measures, such as two-factor authentication and the use of banned password lists. That would improve the quality of passwords. The change applies to managed PCs with a Group Policy.

Update, Thursday: This article originally stated that the option would disappear from Windows 10, but that is incorrect. It’s just about including the option in the baseline.