Windows 10 Version 1903 Will Remove Annoying Mandatory Password Updates

Organizations running Windows 10 version 1903 will no longer be forced into updating their passwords, as Microsoft says the feature brought no benefits.


With the growing sophistication of cybercriminals, passwords have become an increasingly inefficient way to protect systems and content. Microsoft is taking steps to remove passwords and has removed a particularly annoying feature from Windows 10.

I am talking about mandatory periodic password changes, a Windows 10 feature that caused more harm than good. With the introduction of Windows 10 version 1903 (May 2019 Update) next month, the baseline settings will be dropped.

“Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don't believe it's worthwhile for our baseline to enforce any specific value,” says Aaron Margosis, a principal consultant.

Under the new terms, customers will be able to select a date when their password expires, or indeed choose not to have an expiry date. In a blog post, Margosis explains that while the protection the tool provided was limited, it also caused too many issues that could compromise security.

“When humans are forced to change their passwords, too often they'll make a small and predictable alteration to their existing passwords, and/or forget their new passwords. When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use.”

Pointless Feature

While mandatory password updates are being removed, Microsoft will continue with basic password requirements. So, there will be no changes to the ban on reusing a historic password, or to the complexity and length requirements for passwords.

Margosis points to problems with the current system for mandatory password updates. He says these contradictions make the baseline pointless. Under current guidelines, Windows asks organizations to change passwords every 42 days.

“If it's a given that a password is likely to be stolen, how many days is an acceptable length of time to continue to allow the thief to use that stolen password? The Windows default is 42 days. Doesn't that seem like a ridiculously long time?” asks Margosis.