Security Corner

Jul 23 2011   4:06PM GMT

Microsoft is Finally Starting to Listen to Me…

Ken Harthun Ken Harthun Profile: Ken Harthun

Well, maybe not me, but over the past couple of years, Microsoft is finally starting to get their security practices in order.

The college I work for has just switched all email for students and staff over to Microsoft’s Live@Edu hosted Exchange offering. While we administrators set pretty secure default passwords when configuring the accounts, people will be people and usually change them to something they can remember, meaning completely guessable and insecure. So, Microsoft is going to enforce strong passwords going forward:

Dear IT Administrator,
Thank you for your continued participation in the Live@edu program. We would like to make you aware of a Windows Live service update that will bring new improvements to the end user experience. You should also be aware of some minor changes to the administrator capabilities brought about by this update. This email provides a summary of these changes along with the timeframe for the update.
Changes in the Password Policy for Windows Live ID
As part of an effort to increase security, the password policy for the Windows Live ID will be strengthened. These changes will come into effect on September 1st, and will only affect those users that change their password or create a new password after the update. Under this updated policy, the new password must meet the following requirements:
Must be at least seven characters long and not longer than sixteen characters.
Cannot be reset to any of the previously used 10 passwords.
Must contain characters from all of the following three categories:
Uppercase letters (A through Z)
Numbers (0 through 9)
Special symbols such as:!, $, #, % etc.
Current Live@edu users will not be required to change their existing password as a result of this change in policy. However if you try to change or reset it, then the new password must meet the above mentioned requirements. If a password is among previously used 10 passwords, you will see an error message “A password match is found in the history.”

All I have to say is, Bravo!

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: