April 4, 2021

Modern Password Policy Advice

I see a lot of threads about password policies on this subreddit, and sadly they tell the story that many organisations are following advice from yesteryear which actually *decreases* security.

Forcing users to set complex passwords with special-character minimums and regular expiry is terrible practice and should be stopped, because it forces your users into bad habits. They are already suffering from credential overload and have many passwords to remember, so why not make their lives a little easier and your security better by following modern best practices?

[This article from Troy Hunt](https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/) covers everything you need to know. I implemented these changes, and they made everyone’s lives easier because there were fewer lockouts, fewer password issues and therefore fewer service desk tickets. My users also love only having to change their password once per year.
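To make the contrast concrete, here is an added example (not code from the original post or from Troy Hunt's article) that puts a typical legacy policy, composition rules plus a 90-day expiry, next to a modern one: a minimum length, no composition rules, no forced expiry, and a check against a breached-password corpus. The breach check follows the k-anonymity range-lookup shape used by the Pwned Passwords API, which the linked article discusses: the client sends only the first five hex characters of the SHA-1 hash and matches the suffix locally. The corpus, the hit counts and the policy thresholds below are constructed for illustration; the "server" is simulated in-process so the script runs offline.

```python
"""Legacy composition/expiry rules beside a modern length + breach-check policy."""
import hashlib
import re

# Constructed stand-in for a breached-password corpus (e.g. Pwned Passwords).
# The counts are made up; in production this is the real data set or its range API.
CONSTRUCTED_BREACH_CORPUS = {
    "password": 3_730_471,
    "P@ssw0rd!": 11_204,
    "Summer2021!": 512,
    "qwerty123": 890_123,
}


def legacy_policy(password: str, days_since_change: int, max_age_days: int = 90) -> list[str]:
    """The 'yesteryear' rules: 8+ chars, upper, lower, digit, special, forced expiry.

    Returns a list of violations; an empty list means the password is accepted.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in (("uppercase", r"[A-Z]"), ("lowercase", r"[a-z]"),
                          ("digit", r"\d"), ("special character", r"[^A-Za-z0-9]")):
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    if days_since_change > max_age_days:
        problems.append(f"expired ({days_since_change} > {max_age_days} days)")
    return problems


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the form the Pwned Passwords range API works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def simulated_range_response(prefix: str) -> dict[str, int]:
    """Server side of a k-anonymity range query, simulated over the constructed corpus.

    The server only ever learns the 5-character prefix and answers with every
    suffix in its corpus that shares it, so it cannot tell which one the client holds.
    """
    matches = {}
    for pw, count in CONSTRUCTED_BREACH_CORPUS.items():
        digest = sha1_hex(pw)
        if digest[:5] == prefix:
            matches[digest[5:]] = count
    return matches


def breach_count(password: str) -> int:
    """Client side: send only the hash prefix, then match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return simulated_range_response(prefix).get(suffix, 0)


def modern_policy(password: str, min_length: int = 8) -> list[str]:
    """Modern rules: a length floor, a breach-corpus check, no composition rules,
    no periodic expiry (rotation happens only on evidence of compromise)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    seen = breach_count(password)
    if seen:
        problems.append(f"seen {seen} times in breach corpus")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "correct horse battery staple"):
        print(f"{candidate!r}: legacy={legacy_policy(candidate, 30)} "
              f"modern={modern_policy(candidate)}")
```

Running it shows the inversion the post complains about: `P@ssw0rd!` satisfies every composition rule yet sits in the breach corpus, while a long passphrase with no digits or capitals fails the legacy checks and passes the modern ones. The expiry clause in `legacy_policy` is the part that drives the recurring lockouts and service desk tickets; `modern_policy` simply has no such clause.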
