Data protection - Is it time to review password protocols?

  • Blog
  • 05 / 04 / 17
  • By kloc

Up until now, network security experts have always recommended that people with access to online accounts use long and complicated passwords to make hacking more difficult. They have also been keen advocates of regularly changing those passwords. However, has the time come to review these protocols?

As noted in a recent blog post on Datacentre.me, a recent publication by the governmental group Communications-Electronics Security Group (CESG) suggested that forced password expiration could be outdated and counterproductive to security. The report goes further: CESG recommends that account holders should no longer be forced to change their passwords regularly.
You would be right to ask how CESG came to these conclusions and why it is making such recommendations. So, let me break down the reasons for the new guidance with just a few examples.

  • CESG experts say that forcing users to select new passwords too often will likely result in many choosing less complicated passwords so they do not forget them. Less complicated usually means more vulnerable.
  • CESG also claims that there is little security value in changing passwords as long as users make their original choices lengthy, with a random combination of letters, numbers and symbols.
  • Experts say that users are more likely to choose passwords similar to the ones they are replacing when forced by expiration to do so. They say that, in effect, this makes the new passwords no more secure than the old ones. If a hacker gets hold of an old password, it is relatively easy to figure out the new one.

Here at N2S we are proud of our data security expertise and we agree wholeheartedly with CESG when it says there are now other, more secure, ways to accomplish what password security has historically achieved, such as using one of the many sophisticated monitoring tools available.
As we are CESG approved to provide data protection services at the highest level of HM Government, we are extremely well placed to offer the best advice on this issue. We say the time has come to review traditional password protocols to ensure you are using the most secure and up-to-date methods available.
