Instead, Wynne suggests adding a layer of more robust authentication, like cryptographic credentials, or a biometric identifier (think fingerprint scanner).Īdding a layer of protection makes sense, but it also has potential ancillary benefits that aren’t quite so obvious.
“Passwords should not be considered sufficient for anything other than the lowest-risk applications.” “Don’t rely on passwords alone!” says Neil Wynne, a senior research analyst at Gartner who focuses on business security. This goes double for those on the admin side of the aisle. They’re much better, though, as part of an overall plan of attack. When deployed properly, passwords are pretty good.
#Best strong passwords password
"There’s no evidence that password changes improve outcomes. "Frequent password changes are largely a waste of time," says Microsoft Research security expert Cormac Herley. They should be! But it’s better to go through the trouble of making one good one, and sticking with it, than to expect to be able to turn over that many special characters more often than you do the pages on a wall calendar. “This encourages users to have stronger passwords and avoids simple schemes like incrementing a number at the end of the password each time they have to reset it.” “Admins who set password policies are better off requiring longer passwords and letting users keep them for longer, rather than requiring them to change passwords every one or two months,” says Burnett.
And if you’re an IT admin, don’t force your employees to.
We’ve touched on this before, but it’s counterintuitive enough that it bears repeating: Don’t change passwords every month.
0 kommentar(er)
