Until recently, many “traditional” security best practices suggested that enforcing regular password expiration for computer user accounts was a good security practice and that it contributed to more secure computer system environments.
Based on these practices, many organizations, after a fixed number of days, prompt their computer users to change their passwords.
Regular Password Expiration is an Old Practice
However, recent studies suggest that enforcing regular password expiration, apart from frustrating users, is also a bad practice that has a negative impact on the overall security of systems. The main argument is that enforcing regular password changes via expiration increases the risk that users choose passwords similar to their old ones in order to remember them. This creates a weakness that attackers could potentially exploit.
Modern Security Best Practices
To this end, more modern approaches should be followed that take the new realities into consideration. One such reality is that, nowadays, most people need to remember a large number of passwords, not just one: passwords not only for the workplace, but also for many other things like social media, online services, etc.
So, for example, instead of blindly enforcing password expiration, a new, more user-friendly policy could monitor systems for failed login attempts and, based on a given logic, prompt the affected user to change her password. Also, systems could display to each end user her last login date and time so that she can review it and, if she suspects unauthorized access, contact the System Administrator for assistance.
Another good practice is to use account lockout in all systems. For example, when a user tries to log in unsuccessfully “x” times during a “y” period of time, the user account is automatically locked for a “z” period of time and the System Administrator is informed.
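As an added example that is not part of the original article, the following Python sketch implements the sliding-window account lockout just described together with the failed-login review and last-login display from the previous section. The values chosen for “x”, “y” and “z”, the `notify_admin` hook and the sample login events are all assumed or constructed for illustration.

```python
from collections import defaultdict, deque

# Hypothetical policy values standing in for the article's "x", "y" and "z".
MAX_FAILURES = 3      # x: this many failed attempts ...
WINDOW_S = 300        # y: ... within this many seconds ...
LOCK_S = 900          # z: ... lock the account for this many seconds

class LoginMonitor:
    def __init__(self, notify_admin=print):
        self.notify_admin = notify_admin      # hook used to inform the System Administrator
        self.failures = defaultdict(deque)    # user -> timestamps of recent failed logins
        self.locked_until = {}                # user -> epoch second when the lock expires
        self.last_login = {}                  # user -> epoch second of the last successful login

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def attempt(self, user, password_ok, now):
        """Process one login attempt and return a dict describing the outcome."""
        if self.is_locked(user, now):
            return {"status": "locked", "until": self.locked_until[user]}
        if not password_ok:
            q = self.failures[user]
            q.append(now)
            while q and now - q[0] >= WINDOW_S:   # drop failures that aged out of the window
                q.popleft()
            if len(q) >= MAX_FAILURES:
                self.locked_until[user] = now + LOCK_S
                q.clear()
                self.notify_admin(f"{user}: locked for {LOCK_S}s after {MAX_FAILURES} failed logins")
                return {"status": "locked", "until": now + LOCK_S}
            return {"status": "failed", "recent_failures": len(q)}
        # Successful login: report the previous login time for the user to review and
        # prompt for a password change if failed attempts preceded this success.
        recent = len(self.failures[user])
        self.failures[user].clear()
        previous = self.last_login.get(user)
        self.last_login[user] = now
        return {"status": "success", "last_login": previous, "prompt_password_change": recent > 0}

def run_sample():
    """Constructed login events: (user, password_ok, epoch_seconds)."""
    events = [("alice", True, 1000), ("alice", False, 2000), ("alice", True, 2060),
              ("bob", False, 3000), ("bob", False, 3100), ("bob", False, 3200),
              ("bob", True, 3300), ("bob", True, 3200 + LOCK_S)]
    mon = LoginMonitor()
    return [mon.attempt(*e) for e in events]
```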
The above are only a few examples of suggested modern security best practices. The main concept is to realize that, along with technological evolution, user habits change as well, thus forming new realities. These new realities must be taken into consideration when writing new security best practices documents, so that these practices have a real chance of being fully adopted by users.
Otherwise, it is highly likely that users will find ways to make their lives easier regardless of any best practices, thus causing weaknesses in the affected systems.
Reference: TechHowTos (https://www.techhowtos.com)