Story image

Is the pain of resetting passwords finally over? 

The end of constantly resetting passwords may be in sight, with Microsoft declaring the practise is outdated.

Moreover, constantly changing passwords could potentially leave users more vulnerable to be hacked than if they stuck with one strong password.

However, according to reports, while the tech giant has changed its advice to businesses, it has no plans to remove the burden for its own users on its software and devices. 

Andy Cory, identity management services lead at KCOM, says technology has moved past the stage we constantly need to reset passwords. 

"It's now the role of businesses to take the responsibility off the end user, by coming up with a more intelligent strategy than a password expiry policy," he explains.

"That's not to say that passwords are not important - the effective management of passwords is one of the most vital aspects of corporate defence," Cory says. 

"It doesn't matter how strong your perimeter is, or how intelligent your breach detection - if users' accounts can be cracked open from the front, if their passwords can be guessed or stolen, then your company is as good as defenceless," he explains.

"Once an account has been compromised in this way an attacker will often be able to gain access to a whole plethora of sensitive information without setting off any internal alarms, with incalculable potential impact for the organisation."

Cory says the humble password is by no means dead. 

"It's simply time for businesses to come up with a more intelligent strategy than a password expiry policy," he says. 

"Frequent password changes encourage bad passwords, whereas a good password does not have to be changed that frequently. 

"Organisations should consider ditching a historical reliance on password expiry in favour of a more prescriptive policy on password strength, ensuring that strong but usable password rules and, preferably, multi-factor authentication are in place," Cory explains.

"As part of that, it's also important to have a high-capacity infrastructure in place that can reliably and securely handle the authentication data - only then can you match user experience with security needs."

Story image
14 Aug
BitSight announces enterprise analytics to help security leaders manage risk
The solution provides visibility into which groups have the biggest impact on their organisations' overall cyber risk posture and helps identify areas for security performance improvement.More
Story image
14 Aug
Venafi announces guarantee for no certificate-related outages
Eliminating certificate-related outages within complex, multi-tiered architectures can feel like an impossible effort.More
Story image
14 Aug
Broadcom set to own Symantec’s enterprise security business for $10.7B
"M&A has played a central role in Broadcom's growth strategy and this transaction represents the next logical step in our strategy following our acquisitions of Brocade and CA Technologies," says Broadcom CEOMore
Story image
29 Jul
Gartner names Proofpoint leader in security training
Proofpoint’s training modules are built with learning science principles and include self-service customisation, which improves efficacy and ensures longer-term retention of training.More
Story image
14 Aug
ESET: Ignoring human element in cyber safety a mistake
"We believe that when employees are aware of their potential blindspots, they are naturally more invested and better prepared to be wary of things that may not seem quite right."More
Story image
07 Aug
Security teams spend 25% of their time chasing false positives
The report also showed that teams were also concerned about investigating actionable intelligence and building incident timelines as well as cleaning, fixing and/or patching networks. More