Don’t worry, your password hasn’t expired
“Your password has expired, please enter a new one” is one of the most frustrating messages an office worker can see at the start of their day.
Often the solution is to just take your old password and add a number to the end. It’s hardly secure (if a would-be hacker discovers your old password, they’ll probably guess your new one), and regularly inconveniencing users isn’t the best way to make them treat the security of your network with care.
For years, security experts have argued that automatically expiring passwords were poor security practice, and finally, it seems Microsoft agrees. The option for administrators to force users to regularly change their password is being removed from an upcoming version of Windows 10.
As Bleeping Computer reports, there will be no replacement security feature, but network administrators and security officers should focus on introducing things like two-factor auth and password managers. These are far more secure, with physical keys being particularly appealing in many situations.
This is very much a positive move, but given the (often necessary) glacial pace at which many large businesses update their software, it will likely be some time yet before automatically expiring passwords completely expire from office life.