Industry experts have been predicting the death of the humble password for decades. To date, those predictions have amounted to nothing.
Passwords are still with us and still serve as the cornerstone of security, even as other measures have arisen alongside them to help better secure your all-important data.
Even though passwords aren't gone, the security landscape is changing. Recently, Microsoft has announced another step down that path of change. They're doing away with the notion of forced password changes.
Forced password changes don't do much
The logic is hard to argue with. The policy of forced password changes really doesn't offer all that much in the way of protection. It often creates as many headaches and problems as it solves, because users tend to make small, virtually meaningless and easy to predict changes to their passwords. Or, they often forget their new ones anyway.
While Microsoft is no longer forcing password changes at periodic intervals, they are leaving the option available for corporate users to establish their own forced password change thresholds if they choose to do so. In tandem with the coming change, they're also recommending that security professionals perform a periodic review of passwords to ensure that the passwords in use aren't on the list of the UK National Cyber Security Centre's list of the 100,000 worst passwords.
Infographic: Helping make password policies more secure
One important thing to note is the fact that the company isn't making any changes to its requirements for minimum password length, complexity, or history. That is essential in terms of keeping users from simply recycling the same two or three passwords, switching endlessly back and forth between them.
It's also worth mentioning that these changes could benefit companies that are currently under audit. That is if the auditing agency is using Microsoft's security baseline as a guideline. That makes this seem like a small, but it is more significant than it may first appear.
Meanwhile, check out this report
Free Executive Report: 10 Hidden IT Risks That Might Threaten Your Business
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. We specialize in managed IT support for smaller healthcare practices, financial services firms, and nonprofits in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations. As well as providing small business technology education programs through business and professional associations.
Contact me if you would like me to speak at your association.