As noted on a recent blog on Datacentre.me a recent publication by the governmental group Communications Electronic Security Group (CESG) suggested that forced password expiration could be outdated and counterproductive to security. The report goes further and CESG is recommending account holders should no longer be forced to change their passwords regularly.
How have CESG come to these conclusions and why is it making such recommendations you would be right to ask. So, let me break the reasons for the new guidance down with just a few examples.
Here at N2S we are proud of our data security expertise and we agree wholeheartedly with CESG when it says there are now other, more secure, ways to accomplish what password security has historically achieved, such as using one of the many sophisticated monitoring tools available.
As we are CESG approved to provide data protection services at the highest level of the HM Government we are extremely well placed to offer the best advice on this issue. We say the time has come to review traditional password protocols to ensure you are using the most secure and up to date methods available.