Level Up

Challenge #8

Adopt Modern Password Policies

Embrace the latest in cybersecurity by setting passwords to never expire in Microsoft 365. Streamline password management while enhancing security.

Why?

The way we handle passwords is changing. Gone are the days when regularly changing passwords was seen as the best practice. Now, leading cybersecurity experts, including those at NIST and Microsoft, recommend a new approach: setting passwords to never expire. Why this shift? It turns out that frequent password changes don’t necessarily mean better security. In fact, they can lead to weaker passwords as people tend to create variations of their previous passwords (think ‘Password123’, ‘Password124’, etc.), which are easier to guess.

Our focus now is on creating strong, unique passwords right from the start and complementing them with Multi-Factor Authentication (MFA). This combination offers a more robust defense against unauthorized access, particularly for our most sensitive accounts. By moving to a ‘passwords never expire’ policy, we’re not just simplifying administration; we’re adopting a smarter, more effective approach to password security in line with modern standards.

Important Considerations

Before changing your password policy to ‘never expire,’ it’s crucial to consider your entire IT environment. If your organization uses on-premises systems, such as Active Directory servers, these settings may override or conflict with your Microsoft 365 policies.

In hybrid environments, where you have both on-premises and cloud infrastructure, ensure that password policies are consistent across all systems. You might need to adjust your on-premises password expiration settings to align with your new Microsoft 365 policy. Failing to do so could result in confusing discrepancies and potential security loopholes.
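One way to review the on-premises side before changing the cloud policy, as an added example that is not part of the original article. It assumes a domain-joined machine with the ActiveDirectory (RSAT) PowerShell module and read access to the domain; it only reads settings and changes nothing.

```powershell
# Added example: read-only audit of on-premises password expiration settings.
Import-Module ActiveDirectory

# Default domain policy. A MaxPasswordAge of 0 days means passwords never expire.
$default = Get-ADDefaultDomainPasswordPolicy
$policies = @(
    [pscustomobject]@{
        Policy             = 'Default domain policy'
        Precedence         = $null
        MaxPasswordAgeDays = [int]$default.MaxPasswordAge.TotalDays
        MinPasswordLength  = $default.MinPasswordLength
        AppliesTo          = 'Whole domain'
    }
)

# Fine-grained policies override the default for the users and groups they
# target, so an expiry can survive there after the default is changed.
$policies += Get-ADFineGrainedPasswordPolicy -Filter * |
    Sort-Object Precedence |
    ForEach-Object {
        [pscustomobject]@{
            Policy             = $_.Name
            Precedence         = $_.Precedence
            MaxPasswordAgeDays = [int]$_.MaxPasswordAge.TotalDays
            MinPasswordLength  = $_.MinPasswordLength
            AppliesTo          = ($_.AppliesTo -join '; ')
        }
    }

$policies | Format-Table -AutoSize

# Any policy that still expires passwords will disagree with a
# "never expire" setting in Microsoft 365.
$expiring = $policies | Where-Object { $_.MaxPasswordAgeDays -gt 0 }
if ($expiring) {
    Write-Warning "Policies that still expire passwords: $($expiring.Policy -join ', ')"
}

# Enabled accounts already exempt from expiry, with the age of their password.
Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordNeverExpires, PasswordLastSet |
    Where-Object { $_.PasswordNeverExpires } |
    Sort-Object PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet |
    Format-Table -AutoSize
```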

Further, the strength of your existing passwords also plays an important role, as does whether or not you currently use multi-factor authentication.

If you’re unsure how to proceed, or if you need assistance in evaluating your current setup, our team is here to help guide you through these changes.

How?

Adjusting your password policies in Microsoft 365 to align with contemporary best practices is a straightforward process, assuming you’ve tackled the important considerations noted previously. Here’s how to set it up:

Step 1: Go to the Microsoft 365 Admin Center

On your computer, launch a new browser window (Edge, Chrome), type in https://admin.microsoft.com/ and press Enter.

Note: You will require Microsoft 365 administrative credentials – be sure to have the username and password ready.

Step 2: Access Org Settings

Within the Microsoft 365 Admin Center:

• Look for and select Settings
• If you don’t see Settings, you may have to click Show All on the right-hand side
• Under Settings, select Org Settings

Step 3: Navigate to Security & Privacy

• Within the Org Settings page, select the Security & Privacy tab

Step 4: Set Passwords to Never Expire

• Under the Security & Privacy page, select Password expiration policy
• In the new window that appears, check the box to enable Set passwords to never expire
• Click Save
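The same policy can be checked and applied from PowerShell, shown here as an added example that is not part of the original article. It assumes the Microsoft Graph PowerShell SDK is installed and that you sign in with an account allowed to grant the listed scopes; the 25-account limit in the last step is an arbitrary choice.

```powershell
# Added example. Requires the Microsoft.Graph module and an admin sign-in.
Connect-MgGraph -Scopes 'Domain.ReadWrite.All', 'User.Read.All'

# Microsoft Graph stores "never expire" as the largest 32-bit integer.
$NeverExpire = 2147483647

# 1. Show the expiration policy currently held by each verified domain.
$domains = Get-MgDomain -All | Where-Object { $_.IsVerified }
$domains | Format-Table Id, AuthenticationType, PasswordValidityPeriodInDays

# 2. Set managed domains to never expire. Federated domains authenticate
#    against an external identity provider, so they are skipped.
$managed = $domains | Where-Object { $_.AuthenticationType -eq 'Managed' }
foreach ($d in $managed) {
    if ($d.PasswordValidityPeriodInDays -ne $NeverExpire) {
        Update-MgDomain -DomainId $d.Id -PasswordValidityPeriodInDays $NeverExpire
        Write-Host "Updated $($d.Id)"
    }
}

# 3. With expiry off, old passwords stay in place, so list the enabled
#    accounts with the oldest passwords for a strength and MFA review.
$props = 'UserPrincipalName', 'AccountEnabled', 'OnPremisesSyncEnabled',
         'PasswordPolicies', 'LastPasswordChangeDateTime'
Get-MgUser -All -Property $props |
    Where-Object { $_.AccountEnabled -and $_.LastPasswordChangeDateTime } |
    Sort-Object LastPasswordChangeDateTime |
    Select-Object -First 25 UserPrincipalName, OnPremisesSyncEnabled, PasswordPolicies,
        @{ Name = 'PasswordAgeDays'
           Expression = { [int]((Get-Date) - $_.LastPasswordChangeDateTime).TotalDays } } |
    Format-Table -AutoSize
```

Accounts with `OnPremisesSyncEnabled` set are the ones whose password policy also depends on your on-premises Active Directory.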
