itb-au logo
Story image

Is the pain of resetting passwords finally over? 

The end of constantly resetting passwords may be in sight, with Microsoft declaring the practise is outdated.

Moreover, constantly changing passwords could potentially leave users more vulnerable to be hacked than if they stuck with one strong password.

However, according to reports, while the tech giant has changed its advice to businesses, it has no plans to remove the burden for its own users on its software and devices. 

Andy Cory, identity management services lead at KCOM, says technology has moved past the stage we constantly need to reset passwords. 

"It's now the role of businesses to take the responsibility off the end user, by coming up with a more intelligent strategy than a password expiry policy," he explains.

"That's not to say that passwords are not important - the effective management of passwords is one of the most vital aspects of corporate defence," Cory says. 

"It doesn't matter how strong your perimeter is, or how intelligent your breach detection - if users' accounts can be cracked open from the front, if their passwords can be guessed or stolen, then your company is as good as defenceless," he explains.

"Once an account has been compromised in this way an attacker will often be able to gain access to a whole plethora of sensitive information without setting off any internal alarms, with incalculable potential impact for the organisation."

Cory says the humble password is by no means dead. 

"It's simply time for businesses to come up with a more intelligent strategy than a password expiry policy," he says. 

"Frequent password changes encourage bad passwords, whereas a good password does not have to be changed that frequently. 

"Organisations should consider ditching a historical reliance on password expiry in favour of a more prescriptive policy on password strength, ensuring that strong but usable password rules and, preferably, multi-factor authentication are in place," Cory explains.

"As part of that, it's also important to have a high-capacity infrastructure in place that can reliably and securely handle the authentication data - only then can you match user experience with security needs."

Story image
COVID-19: Adobe unveils index to track changes in consumer behaviour
In an effort to track and analyse the ways in which the pandemic is changing retail behaviour, Adobe has revealed its Digital Economy Index, which analyses trillions of online transactions across 100 million product SKUs in 18 product categories. More
Story image
Ivanti launches automated assistants to empower IT teams
Ivanti has added new Ivanti Assistants to its portfolio of enterprise service management (ESM) solutions to bring endpoint self-healing capabilities to businesses.More
Story image
COVID-19 employment engagement surveys released
Free templates for emergency response employment engagement surveys have been created to help support organisations throughout the COVID-19 outbreak. More
Story image
Lenovo announces new edge and Azure cloud-tiering solutions
The solutions, say DCG, were designed in response to the ever-increasing number of connected IoT devices and the masses of data this creates from edge to the core.More
Story image
Mentorship key to bringing women into cybersecurity - Microsoft
“Diverse teams make better and faster decisions 87% of the time compared with all male teams, yet the actual number of women in our field fluctuates between 10 and 20%. What ideas have we missed by not including more women?”More
Story image
LINE Corporation chooses Cloudera to advance data and AI powered R&D
LINE Corporation has selected Cloudera to develop its AI technology based business and further empower its Data Science and Engineering Centre (DSEC), thus strengthening its data-driven business objectives.More