Passwords - Change/Don't Change?

The IT security wing of Britain's intelligence agency GCHQ says that forcing employees to change their passwords regularly is counter-productive: the new password is likely to bear a striking resemblance to the old one, or to be less secure because it will probably be written down somewhere. It also suggests that there are business productivity implications when staff forget their new passwords and require assistance to gain access to their PCs.

Education, education, education

We think education is key. Companies need to help their staff keep their systems as secure as possible, teach them how to create and remember effective passwords, and show them HOW their passwords can be identified. It's important too that staff appreciate the damage sloppy security can wreak on a business. An engaged and informed workforce who know how they can make a difference is an excellent line of defence against cyber crime.

Keep it simple, sunshine

But that doesn't mean that cyber security needs to become an onerous, time-consuming task for your team. There are lots of things that can be done to keep security genuinely at the top of everyone's agenda instead of just paying it lip service.

Running a good IT network that uses throttling and lockout to prevent 'brute force' attempts at identifying passwords, simplifying things by only using passwords where they are really needed, and preventing the use of blatantly obvious ones (such as 'password', 'qwerty', '123456' and 'incorrect', as someone wittily but unhelpfully once suggested) are just some of the ways to help defend your business.
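As an added illustration (not code from the original post), here is one way the throttling, lockout and obvious-password checks described above could fit together. The names `LoginGuard` and `is_blocked`, the delay values and the five-failure threshold are assumptions chosen for the example.

```python
import time

# Constructed sample blocklist, seeded with the obvious passwords named in the post.
BLOCKLIST = {"password", "qwerty", "123456", "incorrect"}

def is_blocked(candidate):
    """Reject blatantly obvious passwords, ignoring case and surrounding spaces."""
    return candidate.strip().lower() in BLOCKLIST

class LoginGuard:
    """Per-account throttling (doubling delay) and lockout after repeated failures."""

    def __init__(self, base_delay=1.0, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.base_delay = base_delay            # assumed: 1 s after the first failure
        self.max_failures = max_failures        # assumed: lock out at the 5th failure
        self.lockout_seconds = lockout_seconds  # assumed: 15 minute lockout
        self.clock = clock
        self.state = {}  # account -> (consecutive failures, time of next allowed attempt)

    def check(self, account):
        """Return the seconds to wait before the next attempt (0 means allowed now)."""
        _, next_allowed = self.state.get(account, (0, 0.0))
        return max(0.0, next_allowed - self.clock())

    def record(self, account, success):
        """Update state after an attempt that check() allowed; success clears it."""
        if success:
            self.state.pop(account, None)
            return
        failures = self.state.get(account, (0, 0.0))[0] + 1
        if failures >= self.max_failures:
            wait = self.lockout_seconds                       # lockout
        else:
            wait = self.base_delay * 2 ** (failures - 1)      # throttling: 1, 2, 4, 8 s
        self.state[account] = (failures, self.clock() + wait)

def demo():
    """Five failed logins for one account, using a fake clock so it runs instantly."""
    now = [0.0]
    guard = LoginGuard(clock=lambda: now[0])
    waits = []
    for _ in range(5):
        now[0] += guard.check("alice")   # wait out any imposed delay
        guard.record("alice", success=False)
        waits.append(guard.check("alice"))
    return waits
```

Because a lockout keyed on the account name can also be triggered by someone other than the account's owner, the lockout period and threshold need to be weighed against the productivity cost the post mentions.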

Cyber security is an ongoing, shapeshifting, never-ending battle. The more flexible your arsenal, the more effective you'll be at thwarting attacks on your business.

Posted by Kirsty McIntosh on Wednesday, May 11, 2016


