Microsoft reconheceu que a política do envelhecimento da senha é ineficaz

Microsoft decided to step away from policy of password aging that forced users to change saved passwords from time to time.

Technical giant presented new project plan of basic configuration settings for Windows 10 v1903 (19H10) and Windows Server v1903, that would eliminate the need to change password every weeks or months in accounts that are under group policy.

Innovation will be implemented in Windows 10 Update that would be released in May 2019.

As Microsoft explains in its blog, existing policy “ancient and outdated, with little value” and company does not “consider it reasonable”. Algorithm of passwords aging that demands periodic password changes is not a reliable method of account protection, especially remembering that if password was stolen it is necessary take measures immediately instead of waiting until it expires, note in a company.

After cancellation of password aging policy Microsoft recommends organizations to replace preset password expiration settings with newer and modern safety practices, Por exemplo, with multifactorial authentication, methods of brutforce-attacks detection or with realization of prohibited passwords list.

Contudo, company does not change recommendations on minimal length and complicity of a password.

“To try to avoid inevitable misunderstandings, we are talking here only about removing password-expiration policies – we are not proposing changing requirements for minimum password length, history, or complexity.”, — emphasizes Microsoft experts.

Document also contains recommended policies concerning groups of users in corporate network, including rules that limit work of certain functions for abuse prevention, and blocking of certain functions that malware can exploit in attacks on system or network.

Fonte: https://blogs.technet.microsoft.com

Sobre Trojan Killer

Carry Trojan Killer portátil em seu memory stick. Certifique-se que você é capaz de ajudar o seu PC resistir a quaisquer ameaças cibernéticas onde quer que vá.

Além disso, verifique

MageCart na Cloud Platform Heroku

Os investigadores encontraram vários MageCart Web Skimmers Em Heroku Cloud Platform

Pesquisadores da Malwarebytes informou sobre encontrar vários skimmers MageCart web na plataforma Heroku nuvem …

Android Spyware CallerSpy

máscaras spyware CallerSpy como uma aplicação de chat Android

Trend Micro especialistas descobriram a CallerSpy malwares, que mascara como uma aplicação de chat Android, …

Deixar uma resposta