They are focusing more on compliance with outdated regulatory requirements than on password security principles that actually work.

According to the most recent Verizon Data Breach Investigations Report (DBIR), roughly 50% of data breaches involved stolen passwords. Users and companies that follow the obsolete password security advice are likely increasing their computer security risk, not decreasing it. This advice continues to be repeated by some of the foremost experts.

But this advice is, at best, incomplete and, at worst, completely WRONG! Why? Because it is outdated, incomplete cybersecurity advice that was never actually good in the first place.

Don’t believe me? Years of data support my position.

You know what I am talking about, the password policy dictates:

- Use of account lockouts for bad passwords, with a limit of 5 or fewer bad attempts.
- Password rotation: passwords must be changed every 90 days or less.
- Password complexity, meaning the password contains at least three different character sets (e.g., uppercase characters, lowercase characters, numbers, or symbols).
- A minimum length of 8 to 12 characters, with long passphrases being even better.

Rarely do I attend a conference where I don’t hear someone sharing their supposed “good” password policy advice.

And while some have tried to replace passwords with biometric data, such as fingerprints and face-scanning technology, these are not perfect, so many resort back to the trusty (but frustrating) old password. Nobody likes passwords, but for now, they are not going anywhere.

Moreover, with the explosion of non-human / machine accounts, such as service accounts, application accounts, robotic process automation (RPA), and more, the password problem is getting considerably more complex. And guess what? The new password you do come up with is easily guessed and hackable. Passwords are cumbersome and hard to remember - and just when you do remember them, you’re ordered to change them again.
Think passwords will soon be dead? Think again. This blog has been updated with new data and insights since it was originally published on August 2, 2019.