Passwords in Windows are changing

Microsoft has published a draft security revision for Windows 10 version 1903 (May 2019 Update) that changes security requirements for Windows 10 desktop users and Windows Server 2016 / Windows Server 2019 (read the new draft at https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/ ).

The biggest change in the draft security revision is that Microsoft is dropping the password expiration policy. Previously, Microsoft had set the default password expiration period at 90 days.

Microsoft explained the purpose behind changing the password expiration policies in the draft security revision:


When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords.

Microsoft TechNet

Which makes perfect sense. The purpose of password expiration policies are to force password changes assuming that someone’s password will frequently be compromised. If a password never gets compromised, there is no need to change the password regularly.

There are a handful of other important changes coming in the May 2019 Update of Windows 10. Some of the more notable changes are:

  • Removing multicast name resolution
  • Removing Data Execution Prevention for Windows Explorer
  • Removing Heap termination on corruption
  • Limiting NetBT NodeType to P-node
  • Creating a svchost.exe mitigation policy
  • Removing BitLocker drive encryption ciphers
  • Removing built-in Windows admin account
  • Removing built-in Windows guest account
  • Adding Kerberos authentication audit settings

If you are having security problems or any other issue with your Windows 10 computer and would like some assistance, please give us a call at 1-800-620-5285.  Karls Technology is a nationwide computer service company with offices in many major cities.  This blog post is brought to you from our staff at the Arvada Computer Repair Service, if you need computer repair in Arvada, CO please call the local office at (720) 441-6460 or schedule an appointment at www.arvadacomputerrepairservice.com.

Leave a Reply