The Windows 10 υποστηρίζουν δύο τύπους λογαριασμών. Ο ένας είναι ο κλασσικός τοπικός λογαριασμός που είναι διαθέσιμος σε όλες τις προηγούμενες εκδόσεις των Windows, ενώ ο άλλος είναι ο σύγχρονος λογαριασμός της Microsoft που συνδέεται με τις υπηρεσίες cloud της εταιρείας.
Before Windows 10 version 1903, Microsoft used expiration policies code accesss for better security that dated back to earlier versions of Windows NT.
This changes (at last) with the new version.
In short, Microsoft states:
If one codeaccess has been compromised, it should be changed immediately. If the password has not been leaked, there is no reason to change it. Changing passwords over time can cause users to forget their new password or write it down somewhere (to remember) where it can be found.
The official publication in the blog of the company says:
Why are we abolishing our password expiration policies?
First, to avoid inevitable misunderstandings, we are only talking about removing password termination policies, and we do not propose changes to the requirements for the minimum password length or complexity.
Periodic password expiration is a solution against the possibility of a password (or hash) being stolen during its validity period and used by an unauthorized entity. If the password is never stolen, you do not have to end it. And if you have proof that a password has been stolen, you would probably change it immediately rather than waiting for the fix to fix the problem.
Periodic password expiration is an ancient and outdated mitigation of very low value, and we do not think it is useful to impose it. At the same time, we should reiterate that we recommend the additional protections.
Therefore, password expiration policies will be past the upcoming version of Windows 10 1903.