New Windows 10 will drop password expiry policies

Microsoft just announced that with the Windows 10 May 2019 Update, it will be dropping the password expiration policy and replacing it with new, more contemporary solutions. After v1903 gets released, users will be able to set up two-factor authentication, will be able to detect cyberattacks that use password guessing techniques, as well as track anomalous attempts to log in. Users will also get to enforce a list of passwords that are banned for use. "While we recommend these alternatives, they cannot be expressed or enforced with our recommended security configuration baselines, which are built on Windows’ built-in Group Policy settings and cannot include customer-specific values," Microsoft said in an announcement. One of the reasons why Microsoft decided to ditch the mandatory password change practice is that, as it says, it makes no sense. If a password is breached, users should act immediately, not after they get forced to do so by the operating system. In that case, a mandatory password change every once in a while becomes redundant.