Very interesting. Thanks for sharing.
From: [email protected] [mailto:[email protected]] On Behalf Of Free Jr., Bob Sent: Thursday, May 26, 2016 2:52 PM To: [email protected] Subject: [NTSysADM] Password "anti-patterns" I've seen a couple fascinating presentations this week outlining some research done by MS on both the consumer and enterprise sides and since this list often likes to opine on password policies, I thought I'd pass some of it along for your consideration. The quote below was clearly demonstrated based on research done into billions of authentications "...most of the common approaches people use today - length requirements, complexity requirements, and change frequencies - don't actually help achieve this goal. In the real world, and with real users, they do just the opposite." From : http://research.microsoft.com/pubs/265143/Microsoft_Password_Guidance.pdf I saw both of the Alex[s] mentioned below present and it was very eye-opening.... https://blogs.technet.microsoft.com/ad/2016/05/24/another-117m-leaked-usernames-and-passwords-new-best-practices-azuread-and-msa-can-help/ https://blogs.technet.microsoft.com/ad/2016/05/10/how-we-protect-azuread-and-microsoft-account-from-leaked-usernames-and-passwords/
