Connect with us

Microsoft

Windows 10 passwords won’t expire

Published

on

Windows 10 passwords will no longer expire, according to a recent Microsoft blog post. The post announced updated security measures for Windows 10 v1903 and Windows Server v1903, but one of the most controversial changes is the removal of password expiration policies.

Password security is not a new issue, with many people either using the same password for every account or easy to hack passwords like “123456,” “qwerty,” “password,” or “111111.” These habits caused many organizations to enforce employees to change their passwords every prescribed amount of days.

Microsoft was an organization that initially took this approach, forcing Windows users to change their passwords on a regular basis. It’s no secret that these policies are not favored by users, causing more headaches and bad practices than protection.

The majority of consumers (75%) said they are stressed by the number of passwords they have to remember, causing them to only slightly change passwords, or frequently forget them, according to a recent Kaspersky report.

Is it a good idea to remove password expiration? The short answer? Yes

For more about Microsoft’s elimination of password expiration, check out our ZDNet’s coverage.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Cyber Security

Microsoft warns Computer Users of BlueKeep Worm

Published

on

Microsoft revealed a major Windows security vulnerability earlier this month, that could see a widespread “wormable” attack that spreads from one vulnerable computer to the next. We saw a similar flaw back in 2017 which led to the WannaCry malware causing mayhem for thousands of machines.

While Microsoft has released patches for Windows systems, warns Simon Pope, director of incident response at Microsoft’s Security Response Center (MSRC). “It’s been only two weeks since the fix was released and there has been no sign of a worm yet.

Pope notes that it was nearly two months after the release of patches for the previous EternalBlue exploit when WannaCry attacks began, and despite having 60 days to patch systems, a lot of machines were still infected. The EternalBlue exploit was leaked publicly, allowing hackers to create malware freely. This new BlueKeep flaw hasn’t yet been publicly disclosed, but that doesn’t mean there won’t be malware. “It is possible that we won’t see this vulnerability incorporated into malware,” says Pope. “But that’s not the way to bet.”

This new major Windows security exploit involves a critical remote code execution vulnerability in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions like Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. These operating systems still make up a big chunk of the overall Windows machines in use, especially in corporate environments. Microsoft is now strongly advising system admins to update machines as soon as possible.

Source: TheVerge

Continue Reading

Trending