1.
 
Microsoft Has Known This For 2 Decades
Apr 24, 2019, 20:32
 
Microsoft's R&D team back in 1997 found out through extensive research that password change requirements were mostly harmful to security.

For non-technical people, it was safe to get them to change their passwords every 2 years. It could be pushed as low as 1 year, but it would start creating security problems.

For technical people, it was safe to get them to change their passwords every year. It could be pushed as low as 6 months, but it would start creating security problems.

Even with this research, the Server Team still recommends changing domain passwords every 30 days. I know at one point the Windows Server default was to change every 45 days.