sb-au logo
Story image

Is the pain of resetting passwords finally over? 

The end of constantly resetting passwords may be in sight, with Microsoft declaring the practise is outdated.

Moreover, constantly changing passwords could potentially leave users more vulnerable to be hacked than if they stuck with one strong password.

However, according to reports, while the tech giant has changed its advice to businesses, it has no plans to remove the burden for its own users on its software and devices. 

Andy Cory, identity management services lead at KCOM, says technology has moved past the stage we constantly need to reset passwords. 

"It's now the role of businesses to take the responsibility off the end user, by coming up with a more intelligent strategy than a password expiry policy," he explains.

"That's not to say that passwords are not important - the effective management of passwords is one of the most vital aspects of corporate defence," Cory says. 

"It doesn't matter how strong your perimeter is, or how intelligent your breach detection - if users' accounts can be cracked open from the front, if their passwords can be guessed or stolen, then your company is as good as defenceless," he explains.

"Once an account has been compromised in this way an attacker will often be able to gain access to a whole plethora of sensitive information without setting off any internal alarms, with incalculable potential impact for the organisation."

Cory says the humble password is by no means dead. 

"It's simply time for businesses to come up with a more intelligent strategy than a password expiry policy," he says. 

"Frequent password changes encourage bad passwords, whereas a good password does not have to be changed that frequently. 

"Organisations should consider ditching a historical reliance on password expiry in favour of a more prescriptive policy on password strength, ensuring that strong but usable password rules and, preferably, multi-factor authentication are in place," Cory explains.

"As part of that, it's also important to have a high-capacity infrastructure in place that can reliably and securely handle the authentication data - only then can you match user experience with security needs."

Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
DDoS ransom attacks flare up again after brief hiatus
The second wave of attacks in December and January targeted organisations that were hit the first time and did not respond or pay the ransom. More
Story image
Pure Security & 6clicks take security risk management platform to market
“We are leading by example through our adoption of 6clicks, not just in Pure Security, but across the Tesserent group."More
Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More
Story image
Aruba ClearPass recognised by independent evaluation program
Aruba’s ClearPass Security Portfolio has recevived the coveted Cyber Catalyst designation, according to a statement from the company. More