Expired Password Rules
Expired Password – the process of expiring passwords is an obsolete practice that is not worth the effort. Microsoft agrees. In a company post, it said that periodic password expiration is an ancient and obsolete mitigation of very low value, and that Microsoft does not believe it’s worthwhile for a baseline to enforce any specific value.
As a result, Microsoft has dropped from its Windows security configuration baseline model the best practice that passwords should be frequently changed. That model is a collection of recommended group policies and their settings, accompanied by reports, scripts and analyzers. Earlier models had advised enterprises and other organizations to mandate a password change every 60 days.
Policies to automatically expire passwords – and other group policies that set security standards – are often misguided. According to security experts, the small set of ancient password policies enforceable through Windows’ security templates is not and cannot be a complete security strategy for user credential management.
Better practices are multi-factor authentication – also known as two-factor authentication – and banning weak, vulnerable, easily-guessed or frequently revealed passwords.
Solution implementing the Security Policies and Procedures. Janco’s Security Manual Template includes both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley and CobiT compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes Oxley, ISO 27000 (ISO27001 and ISO27002), CobiT, PCI-DSS, and HIPAA. Data Protection is a priority.