Microsoft drops password expiration policy with Windows 10 May 2019 update
Microsoft Windows 10 May 2019 update will no longer require organisations to deploy the 60 days password expiration policy.
Microsoft's next big software update will come with some interesting changes. The Windows 10 May 2019 update will render password expirations for organizations useless.
First spotted by Ars Technica, Microsoft in a blog post says that changing passwords often actually leads to weakened security instead. Windows 10 systems with baseline security configuration in organizations are required to change their passwords every 60 days.
"When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they'll write them down where others can see them. When humans are forced to change their passwords, too often they'll make a small and predictable alteration to their existing passwords, and/or forget their new passwords. When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use," the company explains in its blog post.
Microsoft clarifies that by removing password expiration policy the company isn't "lowering security standards". It still recommends organizations to enable additional security protections on their systems.
Microsoft will release the May 2019 Update for Windows 10 next month. In addition to this new information, the new software update has other interesting criteria. Windows 10 users who have external storage items like USB drive or microSD card will be barred from receiving the Windows 10 May 2019 Update.
The company says that it is doing so due to "inappropriate drive reassignment" on Windows 10 computers. Users will have to remove any external device from their Windows 10 systems to download the latest software update.