Expiring passwords are actually counterproductive. Here’s why.
SKSP strongly recommends its clients discontinue mandatory routine password changes. We’ve seen even large corporations require quarterly password resets. This can actually decrease network security, and the reasons are logical. First, human nature reduces the efficacy of the policy. Imagine for a moment that you’re a cashier. You worked late last night and have the early shift today. When you get to work, you’re exhausted and just want to log in to start your shift. But surprise! You’re due for a password reset. Do you think the average person is going to choose, enter, and then try to remember another strong password, or do you think they’re going to take the easy route?
This leads to entire staffs using near-identical, predictable passwords such as “Spring20,” “Summer20,” “Autumn20,” and so forth, and an attacker who knows the reset schedule can guess the next one without much effort. Now imagine the same staff following a few simpler rules instead (a longer password, a mix of character types, no calendar words). Suppose the cashier mixes part of her address with a special character and comes up with something like “Sarah@1512Main!” It is far harder to guess than a seasonal password and she’s likely to remember it. One caveat: anything built from a name or address is still weaker than a long random passphrase or one generated by a password manager, and a good reset policy should reject passwords that contain the user’s own details.
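The checks below are an added example for this post, not SKSP’s code or any particular product’s policy engine. They flag the three families of “easy route” passwords the paragraph above describes: calendar words plus a year (“Spring20”), the previous password with its trailing counter bumped or a symbol tacked on (“Welcome7” to “Welcome8!”), and passwords built from the user’s own name or address (“Sarah@1512Main!”). The attribute fields, the sample user and the minimum token length are assumptions made for illustration.

```python
"""Reject the predictable passwords that forced rotation tends to produce.

Added example (not SKSP code). Three checks:
  1. season/month/quarter + year  ("Spring20", "Summer2020!", "Q3-2021")
  2. previous password with its trailing number changed or a symbol appended
  3. passwords containing tokens from the user's own profile (name, address)
The attribute names and thresholds are assumptions for illustration.
"""
import re
from typing import Dict, List, Optional

SEASONS = ("spring", "summer", "autumn", "fall", "winter")
MONTHS = ("january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december",
          "jan", "feb", "mar", "apr", "jun", "jul", "aug", "sep", "sept",
          "oct", "nov", "dec")
QUARTERS = ("q1", "q2", "q3", "q4")

# Calendar word, optional separator, 2- or 4-digit year, optional trailing symbols.
_ROTATION_RE = re.compile(
    r"^(?:" + "|".join(SEASONS + MONTHS + QUARTERS) + r")[\W_]*(?:19|20)?\d{2}[\W_]*$",
    re.IGNORECASE,
)

# A stem ending in a non-digit, a trailing counter, optional symbols: "Welcome7", "Welcome07!".
_COUNTER_RE = re.compile(r"^(?P<stem>.*?\D)(?P<num>\d+)[\W_]*$")

# Common symbol-for-letter swaps so "S@rah" still matches "sarah".
_SYMBOL_TO_LETTER = str.maketrans({"@": "a", "$": "s"})


def is_rotation_pattern(password: str) -> bool:
    """True for calendar-driven passwords such as Spring20 or Q3-2021."""
    return _ROTATION_RE.match(password) is not None


def is_counter_bump(new: str, old: str) -> bool:
    """True when `new` is `old` with its trailing number changed or a symbol added.

    At change time the user presents the old password in plaintext, so the
    verifier can compare the two in memory without storing anything reversible.
    """
    m_new, m_old = _COUNTER_RE.match(new), _COUNTER_RE.match(old)
    if not (m_new and m_old):
        return False
    return m_new["stem"].lower() == m_old["stem"].lower()


def contains_personal_info(password: str, attributes: Dict[str, str], min_len: int = 3) -> List[str]:
    """Return the names of profile attributes whose tokens appear inside the password."""
    haystack = re.sub(r"[^a-z0-9]", "", password.lower().translate(_SYMBOL_TO_LETTER))
    hits = []
    for name, value in attributes.items():
        for token in re.findall(r"[a-z0-9]+", value.lower()):
            if len(token) >= min_len and token in haystack:
                hits.append(name)
                break
    return hits


def check_new_password(new: str, old: Optional[str], attributes: Dict[str, str]) -> List[str]:
    """Return the reasons a candidate password is rejected; an empty list means accepted."""
    reasons = []
    if is_rotation_pattern(new):
        reasons.append("calendar pattern (season/month/quarter + year)")
    if old is not None and is_counter_bump(new, old):
        reasons.append("previous password with its trailing number changed")
    hits = contains_personal_info(new, attributes)
    if hits:
        reasons.append("contains personal information: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    # Constructed sample user; the attribute names are an assumption.
    user = {"name": "Sarah Jones", "street": "1512 Main St", "username": "sjones"}
    for old, new in [("Winter19", "Spring20"),
                     ("Welcome7", "Welcome8!"),
                     ("Spring20", "Sarah@1512Main!"),
                     ("Spring20", "correct horse battery staple")]:
        print(f"{new!r}: {check_new_password(new, old, user) or 'accepted'}")
```

Run as a script it prints one verdict per candidate; in a real deployment `check_new_password` would sit beside the breached-password blocklist check, since neither replaces the other.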
Password expiry is counterproductive and decreases security across your systems. Don’t believe us? Microsoft, Google, and the National Institute of Standards and Technology (NIST) have all backed away from the practice. NIST’s SP 800-63B guidance advises against requiring periodic changes and instead calls for forcing a change when there is evidence the password has been compromised.
-GM