Milk Still Expires, but Now — Mercifully — Your Passwords Won’t

Photo by Thomas Andreas / Shutterstock.com

Who hasn’t been interrupted during some important task by a strictly-imposed network requirement to “update” a password? And who hasn’t solved this modern annoyance by some ridiculous, unsafe naming convention like “CorpPassword1 … CorpPassword2 … CorpPassword3” and so on?

People already have 150 or so passwords they must remember. Forced expiration made this already untenable situation even worse — 150 new passwords every month or so?

Those days are, thankfully, coming to a close. Last year, the National Institute of Standards and Technology revised its passwords recommendations, urging companies to abandon forced expirations. And recently, Microsoft announced it would remove the requirement from Windows 10 standards.

This will finally start a movement to drop forced password updates.

In its announcement, Microsoft was both logical and forceful in its argument.

“Periodic password expiration is an ancient and obsolete mitigation of very low value,” it said. “When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords.”

If a password is compromised, it should be changed now — why wait 30 or 60 days? — and if it’s not compromised, why create the extra hassle?

More from Microsoft:

“If it’s a given that a password is likely to be stolen, how many days is an acceptable length of time to continue to allow the thief to use that stolen password? The Windows default is 42 days. Doesn’t that seem like a ridiculously long time? Well, it is, and yet our current baseline says 60 days — and used to say 90 days — because forcing frequent expiration introduces its own problems.

And if it’s not a given that passwords will be stolen, you acquire those problems for no benefit. Further, if your users are the kind who are willing to answer surveys in the parking lot that exchange a candy bar for their passwords, no password expiration policy will help you.”

Gartner cybersecurity analyst Avivah Litan called the move a “most welcome step.”

“Finally, a big tech company (that manages much of our daily authentication) is using independent reasoned thinking rather than going along with the crowd mentality when the crowd’s less-secure password management practices are — however counterintuitive — less secure,” she wrote in a blog post.

What should companies be doing about passwords instead? Litan hopes this step signals the beginning of the end of traditional passwords. Meanwhile, Microsoft hints at what better security looks like:

“What should the recommended expiration period be? If an organization has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic password expiration? And if they haven’t implemented modern mitigations, how much protection will they really gain from password expiration?”

Coincidentally, this week’s “So, Bob” podcast deals with password managers. Listen on iTunes or on Stitcher.

More from Bob Sullivan:

What’s your take on this news? Sound off by commenting below or on Money Talks News’ Facebook page.

Disclosure: The information you read here is always objective. However, we sometimes receive compensation when you click links within our stories.

Read Next
2 Costly Rewards Credit Card Mistakes — and How to Fix Them
2 Costly Rewards Credit Card Mistakes — and How to Fix Them

If you commit either of these credit card sins, you are likely losing money every time you use a card. Here’s how to easily right this wrong.

7 Hobbies That Help You Live Longer
7 Hobbies That Help You Live Longer

Research shows some hobbies can add years — or even decades — to your life.

9 Houseplants That Remove Toxins From Your Indoor Air
9 Houseplants That Remove Toxins From Your Indoor Air

These plants may also do everything from reduce the amount of dust in your home to improve your productivity.

Drivers Give These 5 Car Insurers the Highest Marks
Drivers Give These 5 Car Insurers the Highest Marks

One company claimed the top ranking in several categories.

12 Ways Retirees Can Earn Passive Income
12 Ways Retirees Can Earn Passive Income

These simple ways of earning income without a lot of active, ongoing effort can stretch your retirement dollars.

View this page without ads

Help us produce more money-saving articles and videos by subscribing to a membership.

Get Started

Most Popular
7 Kirkland Signature Items to Avoid at Costco
7 Kirkland Signature Items to Avoid at Costco

Even if it seems you save a bundle buying Costco’s Kirkland Signature brand products, they may not be the bargain they appear to be.

Am I Eligible for My Mother’s Social Security Benefit?
Am I Eligible for My Mother’s Social Security Benefit?

Can an adult daughter tap into her late mother’s benefit?

9 Things You’ll Never See at Costco Again
9 Things You’ll Never See at Costco Again

The warehouse store offers an enormous selection, but these products aren’t coming back.

3 Ways to Get Microsoft Office for Free
3 Ways to Get Microsoft Office for Free

With a little ingenuity, you can cut Office costs to zero.

This Surprise Factor Can Raise Your Risk of Dementia
This Surprise Factor Can Raise Your Risk of Dementia

Nearly half of U.S. residents may face this threat.

Organize Your Home With These 10 Thrift Store Finds
Organize Your Home With These 10 Thrift Store Finds

Resolve to be clutter-free in 2021 with these secondhand purchases.

11 Laws You Could Be Breaking Without Knowing It
11 Laws You Could Be Breaking Without Knowing It

Seriously? Fibbing about the weather is a crime? This and other little-known legal traps await the unwary.

Is This Treatable Condition Causing Your High Blood Pressure?
Is This Treatable Condition Causing Your High Blood Pressure?

Researchers say too many doctors are overlooking this potential source of hypertension.

13 Things Seniors Can Get for Free — or Almost Free
13 Things Seniors Can Get for Free — or Almost Free

There are many ways to get cheap or free services and goods after reaching a certain age.

These Are the 3 Best Used Cars You Can Buy
These Are the 3 Best Used Cars You Can Buy

These vehicles boast reliability, safety and long-lasting value.

21 Items to Cut From Your Budget That You Won’t Even Miss
21 Items to Cut From Your Budget That You Won’t Even Miss

Start off the new year by implementing these small-but-smart savings strategies. They’ll soon add up.

Internet Providers Can’t Charge You for This Anymore
Internet Providers Can’t Charge You for This Anymore

Starting this month, your ISP no longer can bill you for this fee.

Taking a Multivitamin? Here’s Why You Should Reconsider
Taking a Multivitamin? Here’s Why You Should Reconsider

A new study has bad news for the millions of Americans who spend money on multivitamins.

15 Painless Ways You Can Cut Costs in 2021
15 Painless Ways You Can Cut Costs in 2021

Follow these tips to save, so you’ll have money for things that really matter.

9 Small Expenses That Are Bleeding Your Budget Dry
9 Small Expenses That Are Bleeding Your Budget Dry

Keep more of future paychecks by eliminating these budget-busting unnecessary expenses.

11 Huge Retirement Costs That Are Often Overlooked
11 Huge Retirement Costs That Are Often Overlooked

Does your retirement budget account for all of these costs?

7 Tricks to Cleaning Your Bathroom Faster
7 Tricks to Cleaning Your Bathroom Faster

These tips can get your bathroom sparkling with little time and no elbow grease.

20 Amazon Purchases We Loved in 2020
20 Amazon Purchases We Loved in 2020

These practical products made everyday life a little easier last year — and will do so in the new year, too.

10 Times You’re Right to Be a Cheapskate
10 Times You’re Right to Be a Cheapskate

Clever shoppers can save money without sacrificing quality. Here is how to do it.

View More Articles

View this page without ads

Help us produce more money-saving articles and videos by subscribing to a membership.

Get Started

Add a Comment

Our Policy: We welcome relevant and respectful comments in order to foster healthy and informative discussions. All other comments may be removed. Comments with links are automatically held for moderation.