Here at ISAAC Intelligence, we take security seriously and understand how important it is to keep company and personal information safe and secure. We also understand that the key to good security is users who understand how important it is to keep their account secure and are not frustrated by constant changes to passwords and sign-in methods. Implementing MFA for all users is essential to good security, but enforcing it doesn’t have to make signing in more difficult for them. In fact, if you remove the requirement for regular password changes and allow users to reset their own passwords, you can make it easier for them to log in and remain secure at the same time.
Frequent password changes are not necessary and can make things worse.
For the past 2 decades, security advice has always recommended changing passwords every 30, 60 or 90 days, and this was enforced by businesses across the world. However, last year this advice was changed by Microsoft and NIST (National Institute of Standards and Technology). They now advise businesses to reduce the requirement to constantly change passwords. The advice changed because they have established that forcing constant changes increases bad security practices such as writing passwords down, using the same password across accounts and creating weak passwords if allowed.
Reducing or removing the requirement to change passwords doesn’t mean that users will never have to change them. Educating users on best practice and letting them know when they should change their password is a lot more effective than forcing them to change it when they don’t need to. If users are educated and understand why MFA is much more secure and effective than constant password changes, they are more likely to adopt good security practices across all their accounts.
If you are interested in implementing these new security practices in your business or having a wider conversation around security in general, then please get in touch.