MediaPro’s Tom Pendergast Weighs in on CSO Online Password Security Story

Regular and required password changes are the key to sound password security, right?
Not necessarily, says InfoSec writer Taylor Armerding in a recent CSO Online article.
As Armerding writes, conventional password wisdom was challenged when FTC Chief Technologist Lorrie Cranor declared it was “time to rethink mandatory password changes.” From Cranor’s perspective, changing passwords frequently could do more harm than good because users who are required to change their passwords change them in subtle ways that are easily predictable.
Armerding also cites recent research from the University of North Carolina that seems to support his notion. After analyzing passwords from more than 10,000 defunct accounts of former students, faculty and staff, researchers found it significantly easier to crack new passwords once they’d cracked an older one. If they knew a previous password, researchers were able to successfully guess the newer one in fewer than five tries!
Who or what is to blame? Armerding turned to MediaPro’s own Tom Pendergast:
“Current policies set the bar far too low for complexity in passwords and don’t require multi-factor authentication, acknowledged as the best commonly-available solution,” Dr. Pendergast told Armerding.
“There is plenty of existing technology designed specifically to prevent users from repeating passwords, using common passwords, and enforcing password rules. A surprising number of companies don’t use these basic password reinforcement functions.”
As InfoSec research consistently shows, the human element remains a popular inroad for cybercriminals seeking valuable personal data. Sturdy password security protocols should be just the beginning of a fully featured employee security awareness program.