35% unsure if they follow UK password compliance

(Last updated on August 2, 2018)

The InsideTech report, Meeting Compliance Requirements in Password Security, examines the UK password compliance recommendations and what organizations are doing to comply.

Recently, Bill Burr, the father of passwords and author of the 2003 password security guidelines for NIST, apologized for encouraging users to create complex passwords that combine letters, numbers and special characters. What became the basis of nearly every password policy is fundamentally flawed.

The National Cyber Security Centre warns that an overdependence on passwords and increasingly complex requirements for their use inevitably leads to users developing their own ‘coping mechanisms’. These could include “writing down passwords, re-using the same password across different systems, or using simple and predictable password creation strategies.”

Turning to government guidance can help update a password policy that hasn’t kept up with the times. The National Cyber Security Centre now recommends blacklisting commonly used passwords, monitoring failed login attempts, not storing passwords in plain text, and prioritizing admin and remote user accounts for tougher rules.

Download the report here.


© 2018 Specops Software. All rights reserved. Privacy and Data Policy