Windows 10: Microsoft updates Security Baseline: drops password expiration

Discuss and support Microsoft updates Security Baseline: drops password expiration in Windows 10 News to solve the problem; Microsoft published a draft of the security baseline for Windows 10 version 1903, the May 2019 Update, and Windows Server 2019 (v1903). While you can... Discussion in 'Windows 10 News' started by GHacks, Apr 25, 2019.

  1. GHacks
    GHacks New Member

    Microsoft updates Security Baseline: drops password expiration


    Microsoft published a draft of the security baseline for Windows 10 version 1903, the May 2019 Update, and Windows Server 2019 (v1903).

    While you can download the draft and go through it word by word, you may also head over to the Microsoft Security Guidance blog if you are just interested in the things that changed when compared to security baselines for previous versions of Windows.

    The blog post highlights eight changes in particular, and at least one may make the life of computer users more convenient. Microsoft dropped password expiration policies that require frequent password changes from the security baselines for Windows 10 version 1903 and Windows Server 1903.

    I worked in IT support for a large German financial organization more than 15 years ago. Security policies were set to very high standards and one of the most painful policies was the enforcement of regular password changes. I cannot remember the exact interval but it happened multiple times a year and rules dictated that you had to pick a secure password, could not re-use any of the parts of the existing password, and had to follow certain guidelines in regards to password selection.

    [Image: maximum-password-age.png]

    This resulted in many support requests by employees who could not remember their passwords, and others writing their new passwords down because they could not remember them.

    Microsoft explains the reason behind the dropping of the password expiration policies in the blog post. Microsoft mentions the same issues that I had when I worked in IT:


    When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords.

    Microsoft notes that password expiration policies help against a single scenario only: when passwords get compromised. If a password does not get compromised, there is no need to change passwords regularly.

    The default time period for the expiration of passwords was set to 60 days, and the Windows default is 42 days. It was 90 days in earlier baselines; that is a long time and not very effective either as a compromised password may not be changed for several weeks or even months so that an attacker may use it for that period.


    Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value.

    Microsoft notes that other security practices improve security significantly even though they are not in the baseline. Two-factor authentication, the monitoring of unusual login activity, or enforcing a blacklist of passwords are mentioned by Microsoft explicitly.

    Other changes that are noteworthy:

    • Dropping the enforced disabling of the built-in Windows administrator and Guest account.
    • Dropping of specific BitLocker drive encryption methods and cipher strength settings.
    • Disabling multicast name resolution.
    • Configuring "Let Windows apps activate with voice while the system is locked".
    • Enabling the "Enable svchost.exe mitigation options" policy.
    • Dropping File Explorer "Turn off Data Execution Prevention for Explorer" and "Turn off heap termination on corruption".
    • Restricting the NetBT NodeType to P-node, disallowing the use of broadcast to register or resolve names, also to mitigate server spoofing threats.
    • Adding recommended auditing settings for Kerberos authentication service.

    Now You: What is your take on password expiration policies?

    Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Microsoft updates Security Baseline: drops password expiration appeared first on gHacks Technology News.

    GHacks, Apr 25, 2019
    #1
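For anyone who wants to see where their own machines stand on the settings this post lists, here is an added audit script (my own, not from the gHacks post, the Microsoft blog or the baseline toolkit). It reads the effective maximum password age from the local security policy, then checks the policy-backed registry values that, as far as I know, sit behind three of the other 1903 changes (LLMNR off, NetBT P-node, svchost mitigations); those registry paths are my assumption, so verify them against the baseline's GPO reports before relying on them.

```powershell
# Added audit script, not part of the original post or of Microsoft's baseline tooling.
# Run in an elevated PowerShell 5.1 session on Windows 10 / Server 2019.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

# 1. Maximum password age from the local security policy (secedit export).
#    Windows default is 42 days, older baselines enforced 60 or 90; the 1903
#    baseline no longer enforces a value. -1 in the export means "never expires".
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$m = Select-String -Path $cfg -Pattern '^MaximumPasswordAge\s*=\s*(-?\d+)'
$maxAge = if ($m) { [int]$m.Matches[0].Groups[1].Value } else { $null }
Remove-Item $cfg
"Maximum password age (days): $maxAge"

# 2. Registry values behind three of the other baseline changes listed above.
#    Paths/values are my understanding of where these GPO settings land (assumption).
$checks = @(
    @{ Name     = 'Turn off multicast name resolution (LLMNR)'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
       Value    = 'EnableMulticast'; Expected = 0 },
    @{ Name     = 'NetBT NodeType = P-node (no broadcast name registration/resolution)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
       Value    = 'NodeType'; Expected = 2 },
    @{ Name     = 'Enable svchost.exe mitigation options'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SCMConfig'
       Value    = 'EnableSvchostMitigationPolicy'; Expected = 1 }
)

foreach ($c in $checks) {
    # Missing key or value means the policy is simply not configured, not a failure of the script.
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue).($c.Value)
    $status = if ($null -eq $actual) { 'NOT CONFIGURED' }
              elseif ($actual -eq $c.Expected) { 'OK' }
              else { 'MISMATCH' }
    [pscustomobject]@{ Setting = $c.Name; Expected = $c.Expected; Actual = $actual; Status = $status }
}

# 3. Which enabled local accounts still have a password that expires, and when.
Get-LocalUser | Where-Object Enabled |
    Select-Object Name, PasswordLastSet, PasswordExpires |
    Format-Table -AutoSize
```

On a domain-joined box the password age comes from the domain policy, so read the output as "what is effective here", not as what any single GPO set.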
  2. Wilson T Win User

    About Microsoft Baseline Security Analyzer

    Hello,

    Does Microsoft Baseline Security Analyzer work on Windows 10 too?

    Thanks very much :)
     
    Wilson T, Apr 25, 2019
    #2
  3. malware Win User
    Microsoft Security Bulletin for September 2007

    Microsoft released yesterday the September Security Bulletin for Windows operating system, as part of its monthly security cycle. This bulletin summary lists one critical and three important updates. For more information, see Microsoft Security Bulletin Summary for September 2007.

    Source: Microsoft
     
    malware, Apr 25, 2019
    #3
  4. GoFigureItOut

    Password issue

    After going through the steps to make a new password, after a week or two my login credentials are no longer valid. I'm forced to make a new password all over again. It seems to happen if I don't log in for a certain period of time. Do our passwords expire???
     
    GoFigureItOut, Apr 25, 2019
    #4