Microsoft tells IT admins to nix ‘obsolete’ password reset practice

Microsoft last week recommended that organizations no longer force employees to come up with new passwords every 60 days.

The company called the practice – once a cornerstone of enterprise identity management – “ancient and obsolete” as it told IT administrators that other approaches are much more effective in keeping users safe.

“Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value,” Aaron Margosis, a principal consultant for Microsoft, wrote in a post to a company blog.

To read this article in full, please click here