Why Password Hygiene Needs a Reboot

2021-05-17 04:35

Just because passwords aren't going anywhere anytime soon doesn't mean that organizations don't need to modernize their approach to password hygiene right now.

As Microsoft's security team put it, "All it takes is one compromised credentialto cause a data breach." Coupled with the rampant problem of password reuse, compromised passwords can have a significant and long-lasting impact on enterprise security.

Researchers from Virginia Tech University found that over 70% of users employed a compromised password for other accounts up to a year after it was initially leaked, with 40% reusing passwords that were leaked over three years ago.

NIST is now recommending against periodic password resets and suggesting that companies only require passwords to be changed if there is evidence of compromise.

Should a previously safe password become compromised down the road, organizations can automate the appropriate action-for example, forcing a password reset at the next log-in or shutting down access entirely until IT investigates the problem.

Find out more about Enzoic's dynamic password threat intelligence and how it can help reboot your approach to password hygiene here.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/r7FwubEp0yY/why-password-hygiene-needs-reboot.html