Password expiration policies are only effective if the password has been stolen, the post claims. If this has not occurred, then changing it serves little purpose, and if it has, users need to act immediately rather than waiting for it to expire. Therefore, Margosis believes that forcing users to change their password regularly can “acquire those problems for no benefit”.

Instead, other policies such as banned password lists, multi-factor authentication, or the detection of password-guessing attacks may be more effective, and may even mitigate the need for periodic password expiration.

Because of this, the company has updated its advice to businesses, saying that “mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value”. However, Microsoft maintains that organisations can still “choose whatever best suits their perceived needs”. The company recommends that users only use passwords that are “random and strong” and “strongly recommends” that organisations put in place additional protections.

“The humble password is by no means dead”

Andy Cory, identity management services lead at KCOM, said: “The truth is that technology has moved past the stage where we constantly need to reset passwords. That’s not to say that passwords are not important – the effective management of passwords is one of the most vital aspects of corporate defence. It doesn’t matter how strong your perimeter is, or how intelligent your breach detection – if users’ accounts can be cracked open from the front, if their passwords can be guessed or stolen, then your company is as good as defenceless.