Microsoft admits Windows password expiration policy is ineffective

by Milan Stanojevic
Windows password expiration policy changes

In a blog post published this week, Microsoft finally admitted that its password-expiration policies are useless. The Redmond giant plans to eliminate this feature in Windows Server 1903 and the Windows 10 May 2019 Update.

Windows Group Policy users often use the password expiration feature. After a specified period of time, it prompts them to change their passwords.

Password expiration policy is ineffective

It seems that password-expiration policies will no longer be a part of Windows Server 1903 and the May 2019 Update. Microsoft thinks that password expiration is not as effective as it was initially thought to be.

The tech giant thinks that no one should wait for a predefined expiration date to change an already stolen password. Furthermore, the company described the policy as ineffective and outdated.

Changing passwords again and again is nothing more than a headache for users. As a matter of fact, most Windows users make only minor changes to their existing passwords. They rarely set up completely new passwords.

In this case, it is a lot easier for hackers to get unauthorized access to their systems. Secondly, users often forget their new passwords, and recovering them is a headache in itself.

Switch to advanced security techniques

Microsoft is of the opinion that IT administrators and organizations should move on to more effective and advanced security techniques. Microsoft recommends that companies use password manager applications such as the Azure Active Directory password protection tool.

These tools help users avoid common passwords that are easy for anyone to guess. A recent report revealed that 123456 is the default password for millions of people.

To secure your system, you can also use multi-factor authentication solutions and tools that detect unrecognised login attempts.

As far as Windows 10 users are concerned, Microsoft says that regularly updating your password does not guarantee the complete protection of your system.

You should use some additional protection measures as well.
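The two weaknesses described above, common passwords and expired passwords changed only slightly, can both be checked when a password is changed. The following Python sketch is an added example, not Microsoft's or Azure Active Directory's algorithm; the deny list, substitution table, distance threshold and function names are all assumptions made for illustration.

```python
import re

# Constructed sample deny list (assumption); real lists hold many thousands of entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome"}

# Character substitutions undone before comparing against the deny list.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def base_form(password):
    """Lowercase, drop trailing digits and symbols, then undo substitutions."""
    stem = re.sub(r"[\d\W_]+$", "", password.lower())
    return stem.translate(LEET)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_new_password(old, new):
    """Return the reasons to reject `new`; an empty list means it passes."""
    reasons = []
    if new.lower() in COMMON_PASSWORDS or base_form(new) in COMMON_PASSWORDS:
        reasons.append("common")
    # Same word with a different suffix, or at most two edits apart (assumed threshold).
    same_base = bool(base_form(new)) and base_form(new) == base_form(old)
    if same_base or edit_distance(old.lower(), new.lower()) <= 2:
        reasons.append("variant-of-old")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: the old password is "Summer2018!".
    for new in ("Summer2019!", "P@ssw0rd1", "123456", "correct horse battery staple"):
        print(new, "->", check_new_password("Summer2018!", new) or "accepted")
```

The comparison with the old password only works at change time, when the user supplies the old password in clear text; it does not require storing previous passwords unhashed.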

