
My Office 365 admin portal displayed a new recommendation when I logged in last week. Microsoft is recommending that user account passwords be set to never expire. My tenant is currently set to an expiry period of 90 days, whereas a newer tenant I was doing some testing with last month has defaulted to 730 days.

I am not sure whether a tenant created today will default to 730 days or to non-expiring passwords. This recommendation has so far appeared only in tenants that I have access to that are configured with First Release for everyone, and that aren’t enabled for directory synchronization. I imagine that the recommendation is being rolled out slowly.

The thought of non-expiring passwords might raise a few eyebrows in some organizations. For a long time the accepted position for passwords was to change them regularly. This thinking comes from a time when passwords were the single factor of authentication for most systems, with multi-factor authentication being relatively rare. Times have changed though, and recent research has concluded that requiring users to change their passwords regularly will usually lead to them:

- choosing weaker passwords to begin with, because they don’t want to learn complex new passwords each time they are forced to change it.
- choosing new passwords that are only a minor variation of their previous password, e.g.

Microsoft’s recommendation links to a page in the Office 365 admin portal that allows you to set user passwords to never expire. So what should we do if we aren’t requiring our users to regularly change their passwords?
