
Is the pain of resetting passwords finally over? 

The end of constantly resetting passwords may be in sight, with Microsoft declaring the practice is outdated.

Moreover, constantly changing passwords could potentially leave users more vulnerable to being hacked than if they stuck with one strong password.

However, according to reports, while the tech giant has changed its advice to businesses, it has no plans to remove the burden for its own users on its software and devices. 

Andy Cory, identity management services lead at KCOM, says technology has moved past the stage where we constantly need to reset passwords.

"It's now the role of businesses to take the responsibility off the end user, by coming up with a more intelligent strategy than a password expiry policy," he explains.

"That's not to say that passwords are not important - the effective management of passwords is one of the most vital aspects of corporate defence," Cory says. 

"It doesn't matter how strong your perimeter is, or how intelligent your breach detection - if users' accounts can be cracked open from the front, if their passwords can be guessed or stolen, then your company is as good as defenceless," he explains.

"Once an account has been compromised in this way an attacker will often be able to gain access to a whole plethora of sensitive information without setting off any internal alarms, with incalculable potential impact for the organisation."

Cory says the humble password is by no means dead. 

"It's simply time for businesses to come up with a more intelligent strategy than a password expiry policy," he says. 

"Frequent password changes encourage bad passwords, whereas a good password does not have to be changed that frequently. 

"Organisations should consider ditching a historical reliance on password expiry in favour of a more prescriptive policy on password strength, ensuring that strong but usable password rules and, preferably, multi-factor authentication are in place," Cory explains.

"As part of that, it's also important to have a high-capacity infrastructure in place that can reliably and securely handle the authentication data - only then can you match user experience with security needs."
