
Microsoft: mandatory password change process is “ancient and obsolete”

Tech giant Microsoft has come out to say that, as we might all have suspected, mandatory password changes in the workplace could be doing more harm than good.

The post, which slipped under the radar until Ars Technica picked it up, said that Microsoft would be ditching its recommendation for passwords to be changed regularly as part of its baseline security settings.

It’s an about-turn for the company, which has previously spent decades suggesting people mix it up on the password front fairly regularly. Perhaps aware that their suggestions have led to a lot of instances of “password17” and “Summer2019” credentials, Microsoft employee Aaron Margosis says in the post that the suggestion to change your passwords is an “ancient and obsolete mitigation of very low value.”


Which fits, all things considered. The common thought process around passwords now is less about making them easy for you to remember, and more about creating a long string of random characters, unique to each place. This is more secure, generally, and harder for malicious actors to crack. If you have to change it every three months, the thinking is that users will opt for something easier to remember, seeing as it is subject to change.

Microsoft isn’t the first to warn against this, but it is one of the biggest tech companies to plant a flag on the “mandated password changes are bad” hill.


This all goes out of the window if there’s actually a security breach: in that case, everyone involved should change their password. However, when it comes to issuing a new password because of the passing of time… you can skip that. It’s okay, Microsoft says so.

You can read Microsoft’s thoughts on the matter, penned by Margosis, including some best practices on good passwords.
