35% unsure if they follow UK password compliance
(Last updated on May 9, 2018)
The InsideTech report, Meeting Compliance Requirements in Password Security, examines the UK password compliance recommendations and what organizations are doing to comply.
Recently Bill Burr, the father of passwords and author of the 2003 password security guidelines for NIST, apologized for encouraging users to create complex passwords with letter, number and special character combinations. What became the basis of nearly every password policy is fundamentally flawed.
The National Cyber Security Centre warns that an overdependence on passwords and increasingly complex requirements for their use inevitably leads to users developing their own ‘coping mechanisms’. These could include “writing down passwords, re-using the same password across different systems, or using simple and predictable password creation strategies.”
Turning to government guidance can help update a password policy that hasn’t kept up with the times. The National Cyber Security Centre now recommends blacklisting commonly used passwords, monitoring failed login attempts, not storing passwords in plain text, and prioritizing admin and remote user accounts for tougher rules.
Download the report here.