Is your Password Policy up to scratch?
We’ve very excited about the new version of Mojo. We believe that version 3 is another game changer for the property management industry.
We'll be publishing much more about Mojo 3 very soon. But for now let's focus on the massive improvements to security that the release brings.
This release is particularly good at helping you to better align your Trace Solutions applications with your wider corporate password policies.
These policies include everything from being able to set the minimum length of a password to exactly how many of the different types of special characters a password must contain.
Which is all great. But we think the real question that should be asked is, is your corporate policy everything it should be?
For example, many organisations require their users to regularly change their password.
At first glance that sounds like a good idea. But in common with GCHQ’s National Cyber Security Centre, we recommend that you don’t adopt this as a requirement*.
Why? Because if you’re forced to change your password at regular intervals, chances are the new one will be similar to the old. You’re also more likely to write it down, which is another vulnerability (attackers are very good as exploiting these weaknesses).
Perhaps the most important effect, though, is on usability. Frequent new passwords are much more likely to be forgotten, which can lead to significantly lower productivity.
You can read all about the perils of password expiry policies on the NCSC website here.
But why not just adopt the altogether simpler Three Random Words approach, instead?
*Although please note, if the relevant corporate authorities refuse to listen and continue to demand that periodic password expiry is enforced, the new release will indeed allow you to do so!