Microsoft has proposed scrapping a policy in Windows that requires users to periodically change their login password.

In a blog post, the software giant said its new draft security configuration baseline settings would no longer force users whose accounts are controlled by a network’s group policy to change their passwords every few weeks or months.

Microsoft’s draft security baseline documents includes recommended policies that affect entire groups of users on a corporate network, including rules that limit certain features and services to prevent misuse or abuse, as well as locking down certain functions that could be used by malware to attack the system or network.

The company said that the existing password change policy is an “ancient and obsolete mitigation of very low value,” and

Read More At Article Source | Article Attribution