35% unsure if they follow UK password compliance
(Last updated on August 2, 2018)
The InsideTech report, Meeting Compliance Requirements in Password Security, examines the UK password compliance recommendations and what organizations are doing to comply.
Recently Bill Burr, the father of passwords and author of the 2003 password security guidelines for NIST, apologized for encouraging users to create complex passwords with letter, number and special character combinations. What became the basis of nearly every password policy is fundamentally flawed.
The National Cyber Security Centre warns that an overdependence on passwords and increasingly complex requirements for their use inevitably leads to users developing their own ‘coping mechanisms’. These could include “writing down passwords, re-using the same password across different systems, or using simple and predictable password creation strategies.”
Turning to government guidance can help update a password policy that hasn’t kept up with the times. The National Cyber Security Centre now recommends blacklisting commonly used passwords, monitoring failed login attempts, not storing passwords in plain text, and prioritizing admin and remote user accounts for tougher rules.
Download the report here.