Microsoft says mandatory password changing is “ancient and obsolete”

Via Ars Technica:

Microsoft said it was removing periodic password changes from the security baseline settings it recommends for customers and auditors. After decades of Microsoft recommending passwords be changed regularly, Microsoft employee Aaron Margosis said the requirement is an “ancient and obsolete mitigation of very low value.”

I use 1Password to reduce my own security risk by allowing it to automatically generate random passwords as required, but I’m not most people.

It’s good to see one of the industry giants admitting to the risks posed by security theatre and changing its best-practice recommendations for password management.

Andrew Canion @canion