
Updating your password is not only annoying — it might make you more susceptible to identity theft

by Staff

They are the words that fill office workers with dread: Your password has expired.

That annoying message often triggers a frantic update — usually just a slight variation on the original — resulting in users trying to commit a jumble of codes to memory.

But new password policy recommendations from Microsoft say that not only is the practice tedious, it makes us more vulnerable. And forget using numbers, special characters or warnings that “this password is too short.” All are out the Windows.

“Password expiration requirements do more harm than good because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other,” Microsoft proclaimed in a recent memo.

It was sent to company tech administrators of Microsoft 365, which includes programs such as Outlook, Word, PowerPoint and Skype.


The widely used password expiration standard was adopted in 2004 when numerous government agencies issued best-practice guidelines that included the bothersome periodic gatekeeping.

But in 2017, the National Institute of Standards and Technology reversed that recommendation. Microsoft, which required a change every 60 days, dropped that rule in 2019, calling it “an ancient and obsolete mitigation of very low value.” However, at the time, they didn’t change their password requirements for minimum length or complexity.

But Microsoft is questioning those rules too, noting that humans have predictable patterns that are easily manipulated by the bad guys.

“Understanding human nature is critical because research shows that almost every rule you impose on your users will result in a weakening of password quality. Length requirements, special character requirements, and password change requirements all result in normalization of passwords, which makes it easier for attackers to guess or crack passwords,” the memo added.


Microsoft, however, isn’t throwing out all the rules. They still advise against using obvious passwords such as “12345” or “abcde” and stress that passwords should be difficult to guess. And they still recommend an eight-character minimum length (anything longer, though, could result in weak repeat passwords such as “passwordpassword”).

And the gold standard, they say, is still multi-factor authentication.

“Make sure your users update contact and security information, like an alternate email address, phone number, or a device registered for push notifications, so they can respond to security challenges and be notified of security events.”
