Password expiration policies
Category : Business | Posted : Jan 4, 2021
Password expiration policies are a standard business practice and have been for a very long time. Many companies had or currently have policies in place that force employees to change their password every 60-90 days (which was everybody’s favourite task to do, am I right?). The problem is that all too often this policy results in more IT issues than it prevents. Fortunately, in 2017, new recommendations were released (supported by Microsoft) that raised security concerns related to this practice. For example, if someone is to steal your password, that 60-90-day window is just too wide, meaning that the damage will already be done by the time you are auto-reminded to choose a new password. Additionally, what tends to happen is when you have a password expiration policy in place, it perpetuates poor password hygiene. Here is what happens: The newest guidance is that passwords should not change unless there is a compelling reason to do so. Having a complex password in place is still a requirement, however, if you have taken the time to choose a very strong password you won’t have to change it periodically. Therefore, you are more likely to choose a password that will better prevent a cyber-attack. Safeguard your passwords with other mechanisms It is also recommended that you have other mechanisms in place, like multi-factor authentication, so that if a password does get lost, hackers cannot access your account. Another common best practice to support secure passwords is to use a service that will block known bad passwords from being used. This will prevent people, for instance, using the passwords that can be easily guessed, like “password” or “123456” or “abc123.” There are many new security features that offer better password protection. Start by turning off your password expiration policy and put some of these new practices and tools in place to detect malicious login attempts. Doing this will enable you to know if you’re being attacked. This will result in you having happier users and a more secure network. If you are concerned about your employees’ password hygiene, contact us to setup a meeting to discuss what you can do to protect your business network.Why it is no longer a good idea to have a password expiration policy in a business network
Custom GPTs: Revolutionizing Operations for SMB’s
In today’s fast-paced digital economy, small and medium-sized businesses (SMBs) are constantly seeking innovative solutions…
Learn To Utilize AI Safely And Effectively
Utilizing artificial intelligence (AI) can significantly boost your team’s efficiency, creativity, and output. However, adopting…