Microsoft is getting rid of the 60-day password expiration policy for organizations using its baseline security configuration in Windows 10 with the May 2019 Update. In a draft release of security baseline configurations posted this week, the company explained that password expiration is no longer a useful tool for preventing breaches, and it often causes more headaches than it's worth (via Ars Technica).
By default, Microsoft's current baseline configuration forces users to change their passwords every 60 days. However, as Microsoft explains, this can have the unintended effect of causing people to choose simplistic passwords that are easy to crack, or they will forget their new passwords altogether. Further, if a password is stolen, any set period of time for expiring passwords could still be a liability; the most effective approach would be to have that password changed immediately.
Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don't believe it's worthwhile for our baseline to enforce any specific value. By removing it from our baseline rather than recommending a particular value or no expiration, organizations can choose whatever best suits their perceived needs without contradicting our guidance. At the same time, we must reiterate that we strongly recommend additional protections even though they cannot be expressed in our baselines.
In addition to dropping password expiration policies from the baseline configuration, Microsoft is also changing the baseline BitLocker encryption to 128-bit encryption. Previously, Microsoft defaulted to the strongest 256-bit encryption, but the company feels that 128-bit encryption is effective enough. Further, there can be a noticeable drop in performance when moving from 128 to 256-bit protection.
For more on Microsoft's draft security policies and proposals, you can view the company's full blog post.
Cheap PC accessories we love
Take a gander at these awesome PC accessories, all of which will enhance your Windows experience.
Anker 4 port USB 3.0 hub ($10 at Amazon)
Whether on a desktop or laptop PC, you always need more ports to connect things to. This hub gives you an additional four USB 3.0 Type A ports.
Ikea Fixa Cable Management System ($11 at Amazon)
This IKEA cable management kit is your ticket to a clean setup. It's simple and functional.
NZXT Puck ($20 at Amazon)
This clever little accessory has powerful magnets on the rear to make it stick to any of the metal panels on your PC case or anything else. It's great for hanging accessories like headsets.
We may earn a commission for purchases using our links. Learn more.
Update 4: Trump gives blessing to TikTok sale to Microsoft
TikTok may soon be owned by Microsoft. The company is reportedly in talks to buy out the U.S. portion of TikTok amid a rumored Trump administration order for TikTok owner Bytedance to divest. On Monday, President Trump says he does not oppose the sale so long as it is done by September 15.
Logitech's new racing wheel brings the feel of the track to your hands
Logitech debuted the G923 today, a new racing wheel and pedals that bring the feel of the track to life. The G923 comes with Logitech's "TRUEFORCE" force feedback system, which simulates the track, wheels, and everything else you'd want to feel in a sim racer.
We compare the Lenovo Legion 5i 15 with the ASUS TUF Gaming A15
Shopping for a new gaming laptop that hits mid-range performance and costs around $1,000? Check out how the Lenovo's Legion 5i 15 compares to the ASUS TUF Gaming A15.
10 must-have apps for any new PC
You just purchased a new PC and set it up, and now you're looking for some great apps. Look no further. These are the best apps for your new Windows 10 PC.