Until recently, many “traditional” security best practices suggested that enforcing regular password expiration for computer user accounts, was a good security practice and that it contributed to more secure computer system environments.
Based on these practices, many organizations, after a fixed number of days, prompt their computer users to change their passwords.
Regular Password Expiration is an Old Practice
However, recent studies suggest that the enforcing regular password expiration, apart from causing frustration to the users, it is also a bad practice and has a negative impact to the overall security of systems. The main argument is that the enforcement of regular password change via expiration, increases the risk of having users that use passwords similar to the old ones, in order to remember them. This creates a weakness which could be potentially exploited by attackers.
Modern Security Best Practices
To this end, more modern approaches should be followed that take into consideration the new realities. One such reality is that, nowadays, the majority of people need to remember a large number of passwords and not just one. People need to remember passwords that have to do not only with the workplace, but also with many other things like: social media, online services, etc.
So, for example, instead of blindly enforcing password expiration, a new more user-friendly policy could monitor systems for failed login attempts, and based on a given logic, to prompt the affected user for changing her password. Also, systems could display for each end-user her last login date and time in order to review it and if there is a suspicion for unauthorized access, the user to contact the System Administrator for assistance.
Another good practice is to use account lockout in all systems. For example, when a user tries to login “x” times during an “y” period of time, the user account to be automatically locked for a “z” period of time along with informing the System Administrator.
The above, are only a few examples of suggested modern security best practices. The main concept, is to realize that along with technological evolution, user habits change as well thus forming new realities. These new realities must be taken into consideration when writing new security best practices documents, in order for these practices to have a real chance to be fully adopted by users.
In the opposite case, it is highly likely that users will find ways to make their life easier, independently of any best practices, thus causing weaknesses in the affected systems.
Featured Online Courses:
- Introduction to Computer Programming for Beginners
- .NET Programming for Beginners – Windows Forms with C#
- SQL Server Fundamentals – SQL Database for Beginners
- Data Management for Beginners – Main Principles
- Essential SQL Server Development Tips for SQL Developers
- Working with Python on Windows and SQL Server Databases
- Entity Framework: Getting Started – Complete Beginners Guide
- SQL Server 2019: What’s New – New and Enhanced Features
- Introduction to Azure Database for MySQL
- Boost SQL Server Database Performance with In-Memory OLTP
- Introduction to Azure SQL Database for Beginners
- How to Import and Export Data in SQL Server Databases
- Learn How to Install and Start Using SQL Server in 30 Mins
Read Also:
- Securing your SQL Server Instances
- How To Show “This PC” Icon on Windows 10 Desktop
- What is FinTech?
- How to Write a “Hello World” App in Visual C++
- How to Write a “Hello World” App in C#
- How to Get Started with SQL Server – First Steps
- Benefits of Primary Keys in Database Tables
- How to Rebuild All Indexes Online for a SQL Server Database
- What is the Internet of Things (IoT)?
- What is a Permalink?
- How do you Display Code Snippets in Microsoft Word?
- Permalink Structures in WordPress
Reference: {essentialDevTips.com} (https://www.essentialdevtips.com/)
© essentialDevTips.com
Rate this article: 
(1 votes, average: 5.00 out of 5)
Loading...
Artemakis Artemiou is a Senior SQL Server Architect, Author, a 9 Times Microsoft Data Platform MVP (2009-2018). He has over 15 years of experience in the IT industry in various roles. Artemakis is the founder of SQLNetHub and {essentialDevTips.com}. Artemakis is the creator of the well-known software tools Snippets Generator and DBA Security Advisor. Also, he is the author of many eBooks on SQL Server. Artemakis currently serves as the President of the Cyprus .NET User Group (CDNUG) and the International .NET Association Country Leader for Cyprus (INETA). Moreover, Artemakis teaches on Udemy, you can check his courses here.