Forum Discussion
Announcement: Office 365 Secure Score Released to Public Preview
- Dec 15, 2016
Another issue with Secure Score.
"You should require that all of your users reset their password at least every 60 days"
This is no longer current best practice where strong passphrases and 2FA are used since more rapid enforced change of passwords leads to the use of weaker ones.
- Brandon Koeller, Dec 15, 2016, Copper Contributor
Hey Julian,
Thanks for the feedback. We 100% agree, and have been working on 'flipping' this control to award points for /not/ setting a password expiration policy. Microsoft and NIST both recently released research that supports this change on our policies. Thanks again for the feedback!
As Per Microsoft's Recommendation: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf
And updated NIST standards: https://pages.nist.gov/800-63-3/sp800-63-3.html
Brandon Koeller
- Dean_Gross, Dec 15, 2016, Silver Contributor
That password recommendations document contains a lot of good info. Can you get it copied from the Research org over into some public places, such as docs.microsoft.com and support.office.com?
- Brandon Koeller, Dec 15, 2016, Copper Contributor
Hey Dean! I'll ask! Thanks, Brandon