Microsoft Changes Stance on Password Expiration Policy

Published on 2021-04-20 by Mohd

Microsoft has finally changed their stance on mandating routine password changes. I am very excited about this because of the possibility that this line of thinking will one day make its way into Windows and Active Directory. As someone who works in a corporate company, I have to change my password periodically because that's the policy set on AD. It's a pain in the ass and I can't wait for this type of thinking to die out.

I am a fan of optimizing the password length over the complexity. This XKCD demonstrates why that's a good idea. My master password for my password manager has 35 characters. I think encouraging users to use strong passwords that are harder to crack in the first place is better than unnecessarily changing the password every so often.

I recommend that everyone use a password manager. They are relatively cheap, and provide security whilst also providing convenience. I can use a randomly generated super strong password without having to remember it. I don't even have to type it. I don't think I can live without LastPass anymore. Biometric verification combined with auto-fill truly makes it an amazing value add and a pleasure to use.