ky331
6 Indium

Microsoft says mandatory password changing is “ancient and obsolete”

Microsoft is finally catching on to a maxim that security experts have almost universally accepted for years: periodic password changes are likely to do more harm than good...

Researchers have increasingly come to the consensus that the best passwords are at least 11 characters long, randomly generated, and made up of upper- and lower-case letters, symbols (such as a %, *, or >), and numbers. Those traits make them especially hard for most people to remember. The same researchers have warned that mandating password changes every 30, 60, or 90 days—or any other period—can be harmful for a host of reasons. Chief among them, the requirements encourage end users to choose weaker passwords than they otherwise would... [by re-using/modifying old passwords].

https://arstechnica.com/information-technology/2019/06/microsoft-says-mandatory-password-changing-is...

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

5 Replies
7- Thorium

Re: Microsoft says mandatory password changing is “ancient and obsolete”

"11 character"

All the more reason to write the password on a Post-It note and stick it on the front of the monitor... 😄

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
joe53
5 Rhenium

Re: Microsoft says mandatory password changing is “ancient and obsolete”

Nice find, ky!

That article is so spot on. Speaking personally, I have my bank which requires one long PW with uppercase, lowercase, numbers and symbols, plus 2nd factor authentication, which takes me about 30 seconds to log on. And the PW is permanent, unless I change it. The long PW is easy to memorize, because of the way I created it.

On the other hand, the several government departments and agencies I deal with invariably insist on monthly PW changes, and I do exactly what that article describes: change the PW by changing the last letter or number, and writing it down somewhere.

Requirements for frequent PW changes are not only less secure, they also decrease productivity, slow down the transformation of info, and increase irritation with the process. Which of course, is the actual intention of bureaucratic regulators ...

When it comes to security protocols, I trust my bank more than my public service.

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 7/sp1 (64- Bit): Malwarebytes 3.x Premium, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


Windows 10 Pro (64- Bit): Same protection plus Windows Defender AV.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
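An added example (not part of the thread or the linked article): a change-time check that flags the habit described in the post above, where a forced rotation is satisfied by altering only the last letter or number. The function names, the tail character set and the distance threshold of 4 are assumptions chosen for illustration.

```python
# Added example: flag a "new" password that is the old one with a small tweak.
# Names, the tail character set and the threshold are illustrative assumptions.

TAIL_CHARS = "0123456789!@#$%^&*?.-_"


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete from a
                           cur[j - 1] + 1,           # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def stem(pw: str) -> str:
    """Drop a trailing counter/symbol run and fold case."""
    return pw.rstrip(TAIL_CHARS).lower()


def is_trivial_variation(old: str, new: str, min_distance: int = 4) -> bool:
    """True if `new` is too close to `old` to count as a real change.

    Runs only during the change transaction, when the user has just typed
    the current password; nothing here requires storing old passwords.
    """
    old_stem = stem(old)
    if old_stem and old_stem == stem(new):
        return True  # same base, only the tail or letter case moved
    return levenshtein(old, new) < min_distance


# Constructed sample pairs (old, new); none are real credentials.
SAMPLES = [
    ("Blue-Jays-1992!", "Blue-Jays-1993!"),          # counter bumped
    ("Maple&Syrup#07a", "Maple&Syrup#07b"),          # last letter changed
    ("correct horse battery", "violet-lamp-Ottawa-74"),  # unrelated
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        verdict = "reject" if is_trivial_variation(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

The empty-stem guard keeps all-digit values such as PINs from matching each other on the stem rule; they are still compared by edit distance.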
ky331
6 Indium

Re: Microsoft says mandatory password changing is “ancient and obsolete”

"11 character"

It doesn't have to be a word, and/or mere gibberish... some people use pass-"phrases", that they find easy to remember. For example (no, this is NOT mine): ILoveMyDellXPS13


0 Kudos
dalem29
4 Germanium

Re: Microsoft says mandatory password changing is “ancient and obsolete”

Steve Gibson's site has been up like forever, and it is an interesting place to explore and read what he has to say on a variety of topics, including passwords and passphrases. I don't change them often, but I do use an easily remembered combination of upper case, lower case, numbers, and symbols. I think the most important thing is length and most of mine are 15-20 characters long, depending on the site. Check it out at grc.com
0 Kudos
joe53
5 Rhenium

Re: Microsoft says mandatory password changing is “ancient and obsolete”

A good variation on pass phrases is to just take the first letter or number or symbol of an easily memorized phrase. For example, "The Toronto Blue Jays won the World Series in 92 and 93!" translates to "TTBJwtWSi92a93!" (not a PW I use, but one I would easily remember as a Blue Jay fan). Virtually unbreakable.

Or make a joke in another language: "Veni/vidi/vamoosed!" (I came, I saw, I ran away!) or use a pig Latin combo.

I keep my passwords written down and located in a random position in my house, as backup. I don't trust PW manager software. It would take a break-in artist a long time to locate it.  Most of my PWs I can recall from memory, except for the ever changing Gov't PWs.


0 Kudos