
Is the pain of resetting passwords finally over? 

The end of constantly resetting passwords may be in sight, with Microsoft declaring the practice is outdated.

Moreover, constantly changing passwords could potentially leave users more vulnerable to being hacked than if they stuck with one strong password.

However, according to reports, while the tech giant has changed its advice to businesses, it has no plans to remove the burden for its own users on its software and devices. 

Andy Cory, identity management services lead at KCOM, says technology has moved past the stage where we constantly need to reset passwords.

"It's now the role of businesses to take the responsibility off the end user, by coming up with a more intelligent strategy than a password expiry policy," he explains.

"That's not to say that passwords are not important - the effective management of passwords is one of the most vital aspects of corporate defence," Cory says. 

"It doesn't matter how strong your perimeter is, or how intelligent your breach detection - if users' accounts can be cracked open from the front, if their passwords can be guessed or stolen, then your company is as good as defenceless," he explains.

"Once an account has been compromised in this way an attacker will often be able to gain access to a whole plethora of sensitive information without setting off any internal alarms, with incalculable potential impact for the organisation."

Cory says the humble password is by no means dead. 

"It's simply time for businesses to come up with a more intelligent strategy than a password expiry policy," he says. 

"Frequent password changes encourage bad passwords, whereas a good password does not have to be changed that frequently. 

"Organisations should consider ditching a historical reliance on password expiry in favour of a more prescriptive policy on password strength, ensuring that strong but usable password rules and, preferably, multi-factor authentication are in place," Cory explains.

"As part of that, it's also important to have a high-capacity infrastructure in place that can reliably and securely handle the authentication data - only then can you match user experience with security needs."
