Why 42 Days

Pa55w0rd

Reviewing our domain security policy and wondering why Microsoft recommends
42 days as a "Maximum Password Age"?
 
Alun Jones

"Pa55w0rd" <Pa55w0rd@discussions.microsoft.com> wrote in message
news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
> Reviewing our domain security policy and wondering why Microsoft recommends
> 42 days as a "Maximum Password Age"?


Because that's what the dice rolled?

Seriously, consider what your own password requirements are, and why aging
them will help or hinder your operation. Then figure out how you can best
achieve that, and at what stage passwords should become stale.

Also consider how many pitchforks and torches your users can assemble should
you set the aging period too low.

Alun.
~~~~
 
Mostly Gizzards

Alun Jones wrote:
> "Pa55w0rd" <Pa55w0rd@discussions.microsoft.com> wrote in message
> news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
>> Reviewing our domain security policy and wondering why Microsoft recommends
>> 42 days as a "Maximum Password Age"?

>
> Because that's what the dice rolled?
>
> Seriously, consider what your own password requirements are, and why aging
> them will help or hinder your operation. Then figure out how you can best
> achieve that, and at what stage passwords should become stale.
>
> Also consider how many pitchforks and torches your users can assemble should
> you set the aging period too low.
>
> Alun.
> ~~~~
>
>


Because 42 is the answer.
 
Roger Abell [MVP]

"Pa55w0rd" <Pa55w0rd@discussions.microsoft.com> wrote in message
news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
> Reviewing our domain security policy and wondering why Microsoft recommends
> 42 days as a "Maximum Password Age"?



Remember that current thinking at MS is not 42 days, if there is such
a thing as current thinking (instead of 27 zillion different thoughts).

42 days is 6 weeks.
After you take into account that people get warned about the need to
change 2 weeks before the expiration, and most people will change
it then instead of dealing with dismissing a warning/offer at each login,
you end up with a one month password age before it gets changed.
Anything less and the pitchforks do indeed start to fly (at you), but
back then, MS was fairly new to the "get with the security awareness"
program, and evidently they felt that monthly passwords were about
as far as the curve could be pressed but wanted to seem aggressive
about forcing password changes.
In other words, whoever knows is probably well hidden in some
other area of MS product development now.

Roger
 
microsoft news

"Mostly Gizzards" <mostlygizzards@tehgmail.com> wrote in message
news:eHcrZSsBIHA.1188@TK2MSFTNGP04.phx.gbl...
> Alun Jones wrote:
>> "Pa55w0rd" <Pa55w0rd@discussions.microsoft.com> wrote in message
>> news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
>>> Reviewing our domain security policy and wondering why Microsoft recommends
>>> 42 days as a "Maximum Password Age"?

>>
>> Because that's what the dice rolled?
>>
>> Seriously, consider what your own password requirements are, and why
>> aging them will help or hinder your operation. Then figure out how you
>> can best achieve that, and at what stage passwords should become stale.
>>
>> Also consider how many pitchforks and torches your users can assemble
>> should you set the aging period too low.
>>
>> Alun.
>> ~~~~

>
> Because 42 is the answer.


so it is................
 
Eric Denekamp

The answer to the ultimate question about life the....
hmmm did the universe change just now?

--
Good luck

Eric Denekamp
http://blogs.infosupport.com/ericd

=============================
"microsoft news" <geoffwin@SPAM.gmail.com> wrote in message
news:OP5DNi0BIHA.4568@TK2MSFTNGP02.phx.gbl...
>
> "Mostly Gizzards" <mostlygizzards@tehgmail.com> wrote in message
> news:eHcrZSsBIHA.1188@TK2MSFTNGP04.phx.gbl...
>> Alun Jones wrote:
>>> "Pa55w0rd" <Pa55w0rd@discussions.microsoft.com> wrote in message
>>> news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
>>>> Reviewing our domain security policy and wondering why Microsoft recommends
>>>> 42 days as a "Maximum Password Age"?
>>>
>>> Because that's what the dice rolled?
>>>
>>> Seriously, consider what your own password requirements are, and why
>>> aging them will help or hinder your operation. Then figure out how you
>>> can best achieve that, and at what stage passwords should become stale.
>>>
>>> Also consider how many pitchforks and torches your users can assemble
>>> should you set the aging period too low.
>>>
>>> Alun.
>>> ~~~~

>>
>> Because 42 is the answer.

>
> so it is................
>
 