
Is your Password Policy up to scratch?

Posted 25th July 2019
Password expiry policies can be counter-productive

 

We’re very excited about the new version of Mojo that's soon to be released. We believe that version 3 is another game changer for the property management industry.

There'll be much more to come on Mojo 3 very soon. But right now we’re focused on the massive improvements to security that the release will bring. 

This release is particularly good at helping you to better align your Trace Solutions applications with your wider corporate password policies.

These policies include everything from being able to set the minimum length of a password to exactly how many of the different types of special characters a password must contain.

Which is all great. But we think the real question to ask is: is your corporate policy everything it should be?

For example, many organisations require their users to regularly change their password. 

At first glance that sounds like a good idea. But in common with GCHQ’s National Cyber Security Centre, we recommend that you don’t adopt this as a requirement*.

Why? Because if you’re forced to change your password at regular intervals, chances are the new one will be similar to the old. You’re also more likely to write it down, which is another vulnerability (attackers are very good at exploiting these weaknesses).

Perhaps the most important effect, though, is on usability. Frequent new passwords are much more likely to be forgotten, which can lead to significantly lower productivity.

You can read all about the perils of password expiry policies on the NCSC website here.

But why not just adopt the altogether simpler Three Random Words approach, instead?

 

 

*Although please note, if the relevant corporate authorities refuse to listen and continue to demand that periodic password expiry is enforced, the new release will indeed allow you to do so!