Password expiration is dead, long live your passwords
Companies, agencies, institutions, etc
Microsoft
NIST
TechCrunch
Verizon
LastPass
API
CTO
People
No matching tags
Groups
No matching tags
Physical locations
No matching tags
Places
No matching tags
Locations
No matching tags
Events
No matching tags
Summary
— removing the password expiration policies from their Windows 10 security baseline.Although NIST and others precede this and deserve that credit, I think it’s worth taking a moment to recognize this moment in time as truly a fundamental change in the industry.— SwiftOnSecurity (@SwiftOnSecurity) May 31, 2019Many enterprise-scale organizations (including TechCrunch’s owner Verizon) require their users to change their passwords regularly. Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives … If a password is never stolen, there’s no need to expire it.
As said here by Jon Evans