PCI Password

PCI Password Requirements: Is It Enough?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements aimed at ensuring sensitive data is protected, privacy is maintained, and networking systems are robust enough to withstand cyber-attacks. PCI standards aren’t specific to any one country or organization, but rather function as a global set of standards that everyone can adhere to. As with almost …

Root Passwords

Root Passwords: The Root of Password Problems

The average online user has over 90 accounts between personal and work accounts that require a password. That is a daunting number of unique passwords to memorize. In an effort to remember their passwords, most users will select common “root” words with easily guessable variations. These root passwords become predictable passwords when one becomes compromised. Password Expiration Policies The situation …

Password Rotation Policy

The Pros and Cons of Password Rotation Policies

Why Password Rotation Policies May No Longer Be Fit-For-Purpose In the Digital Age Forced password resets have been a common feature of password policies for a long time and are still widely used. However, Microsoft and the NIST password guidelines, recommend doing away with password rotation policies, claiming they don’t improve security – and can actually make it worse. Despite …

The High Cost of Password Expiration Policies

The High Cost of Password Expiration Policies

For many cybersecurity professionals, one of the more surprising ideas to come out of 2019 is the recommendation to drop forced password expiration policies. Forced password expiration policies have been around for many years now and are a widespread element of cybersecurity frameworks within organizations across the world over. However, we’re now being told they may not be necessary. Password …

Eliminating the Burden of Periodic Password Reset: The NIST 800-63b password guidelines include password policy changes that can improve everyone’s experience with passwords.

Eliminating the Burden of Periodic Password Reset

The NIST 800-63b password guidelines include password policy changes that can improve everyone’s experience with passwords, including eliminating the forced periodic password reset. The most publicized recommendation is throwing away password complexity rules and this recommendation is still hotly contested on many security forums. However, what really catches the attention of most Active Directory and system admins, is the instruction …