Windows 10 update warning to its users.
Microsoft’s decision to nix the mandatory password change every 60 days on Windows 10 is also in line with the views of the National Institute of Standards and Technology (NIST), under the U.S. Department of Commerce, the organisation which created the password rules. It is no secret that being forced to change passwords was an extremely annoying experience for Windows users. The company announced the change on its Microsoft Security Guidance blog, where Microsoft’s principal consultant Aaron Margosis said:
“Periodic password expiration is an ancient and obsolete mitigation of very low value and we don’t believe it’s worthwhile for our baseline to enforce any specific value. If a password is never stolen, there’s no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem.”
The change has been rolled out in Microsoft’s latest Security Baseline for Windows 10 (v1903). Microsoft doesn’t believe that forcing users to update their passwords is an effective way to keep them secure.
Microsoft believes that more effort should be put into other types of prevention mechanisms. Going forward, Microsoft won’t force you to change your password. For enterprise and business accounts, if your employer insists that you change your corporate password at set intervals, you should go ahead and change it.