Expired Password

Expired Password Rules

Expiring passwords is no longer considered a best practice by many security experts

Expiring passwords is an obsolete practice that is not worth the effort, and Microsoft agrees. In a company post, it said that periodic password expiration is an ancient and obsolete mitigation of very low value, and that Microsoft does not believe it’s worthwhile for a baseline to enforce any specific value.

As a result, Microsoft has dropped the frequent changing of passwords as a best practice in its Windows security configuration baseline model. That model is a collection of recommended group policies and their settings, accompanied by reports, scripts and analyzers. Earlier models had advised enterprises and other organizations to mandate a password change every 60 days.

Password Policies

Policies to automatically expire passwords – and other group policies that set security standards – are often misguided. According to security experts, the small set of ancient password policies enforceable through Windows’ security templates is not and cannot be a complete security strategy for user credential management.

Better practices are multi-factor authentication – also known as two-factor authentication – and banning weak, vulnerable, easily-guessed or frequently revealed passwords.

Security Policies

Solution implementing the Security Policies and Procedures. Janco’s Security Manual Template includes both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley and CobiT compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes Oxley, ISO 27000 (ISO27001 and ISO27002), CobiT, PCI-DSS, and HIPAA. Data Protection is a priority.

Victor Janulaitis
M. Victor Janulaitis is the founder and CEO of Janco Associates. His focus and that of the firm is the management and support of IT professionals improving infrastructure. His expertise is in organizational infrastructure, security, cost control, disaster recovery business continuity; information privacy; and staff development.