For years now, the argument for an arbitrary password expiration date has been torn to shreds. Most security professionals recognize that, while changing passwords can help increase security and using different passwords for different purposes is critical, requiring a password change at a certain date and time does little to help increase security anywhere.
Other options, like two-factor authentication and password programs that store longer, more complex passwords, can offer higher levels of security to other organizations. Now, Microsoft is finally jumping on board with this changing security standard.
As of the May update, Windows 10 will no longer cause passwords to expire at an arbitrary point in time in its base settings. Instead of requiring users to choose (and remember) new, secure passwords, the company will now allow each user to decide on their own when and if to change their password settings.
How Should You Keep Your Passwords Secure?
If you worry about no longer requiring password changes (which Microsoft used to recommend every 60 days at minimum, penalizing companies that did not include this option), there are several strategies that can help increase security.
Using a strategy beyond a mere password can make it harder for unauthorized users to access confidential information within your company.
Instead of allowing users to choose any password they can remember, a banned passwords list requires users to avoid, among other things, dictionary words or options that could easily be guessed by a hacker.
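A minimal sketch of the banned passwords list check described above, added here as an illustration and not code from Microsoft or from this article. The word list, the substitution table and the `MIN_EXTRA_CHARS` threshold are constructed assumptions.

```python
import re
from typing import Optional

# Constructed sample list. A real deployment would load common and breached
# passwords plus organisation-specific terms (company, product, city names).
BANNED_WORDS = {"password", "welcome", "qwerty", "letmein", "summer",
                "contoso", "123456"}

# Character swaps people use to disguise a dictionary word. "1" and "!" are
# ambiguous, so both readings are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
_TABLES = [
    str.maketrans({**_BASE, "1": "l", "!": "l"}),
    str.maketrans({**_BASE, "1": "i", "!": "i"}),
]

# Assumed threshold: a banned word is tolerated only when at least this many
# other characters accompany it, so long passphrases are not rejected.
MIN_EXTRA_CHARS = 4


def normalized_forms(candidate: str) -> set:
    """Return the lower-cased raw form plus its de-obfuscated readings."""
    raw = candidate.lower()
    # Drop the trailing digits/symbols of the "Summer2019!" pattern.
    stripped = re.sub(r"[\d\W_]+$", "", raw)
    return {raw} | {stripped.translate(table) for table in _TABLES}


def banned_match(candidate: str) -> Optional[str]:
    """Return the banned word the candidate is built on, or None if it passes."""
    for form in normalized_forms(candidate):
        for word in sorted(BANNED_WORDS):
            if word in form and len(form) - len(word) < MIN_EXTRA_CHARS:
                return word
    return None


if __name__ == "__main__":
    for sample in ["P@ssw0rd!", "$ummer2019", "Contoso123", "12345678",
                   "correct horse summer battery", "marble-otter-viaduct-72"]:
        hit = banned_match(sample)
        print(f"{sample!r}: {'rejected (' + hit + ')' if hit else 'accepted'}")
```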
In addition to banning common, simple passwords, many businesses insist on a certain level of password complexity to improve security. Complex passwords make it harder to guess or even crack passwords.