
Edge Features
Joan Goodchild
02:00 PM

10 Security 'Chestnuts' We Should Roast Over the Open Fire

These outdated security rules we all know (and maybe live by) no longer apply.

Roast: Use Complex Passwords. Change Them Periodically.

"Passwords have almost zero redeeming value left at this point, especially with how many breaches have already compromised so many of them," says Akamai CSO Andy Ellis. "The password complexity requirements -- almost perfectly designed to make them hard for humans to remember -- added to rules like 'don't write them down' have created incentives for most humans to reuse passwords. And a password breached at one site is useful for breaking into another one. So let's retire the password rules and look at some options."

Among his suggestions: "If you would let a user reset a password with a click from a known email account, consider moving to email-based login," he says. "If you need something stronger, use a push-based MFA."

Aaron Turner, president and CSO of HighSide, also thinks the password should be swapped out for other forms of authentication. But for those not ready to give passwords up, he says the time-driven reset should be done away with completely: it is an outdated practice that no longer holds up against current attack methods, which calculate the predictable patterns users follow when forced to change a password.
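The "patterns" Turner refers to are the small, predictable edits people make when a reset is forced: bump the trailing number, move to the next season, roll the year. An attacker who holds last quarter's password from a breach does not need to guess the new one from scratch; a handful of candidate transformations covers most rotations, which is what mangling rules in tools such as hashcat and John the Ripper automate. The block below is an added example, not code from Turner, HighSide or the article, that generates those candidates from a known old password; the same function can be run on the defender's side at change time to reject a "new" password that is a trivial rotation of the old one. The transformation list and all sample passwords are constructed for the example.

```python
import re

# Which season word users typically move to at the next forced change (assumed rule set).
NEXT_SEASON = {
    "spring": ["Summer"],
    "summer": ["Autumn", "Fall"],
    "autumn": ["Winter"],
    "fall": ["Winter"],
    "winter": ["Spring"],
}
# Plausible counter increments when a password ends in digits (e.g. Welcome7 -> Welcome8).
DIGIT_STEPS = (1, 2, 3)


def rotation_variants(old_password: str) -> set[str]:
    """Return the candidate passwords a forced rotation of `old_password` is likely to produce.

    Three transformations are modelled:
      1. increment a trailing digit run (zero-padding preserved), keeping any trailing symbols;
      2. advance a season word to the next season, in three casings;
      3. both at once (next season plus next year), the classic quarterly rotation.
    """
    variants: set[str] = set()

    def bump_digits(pw: str) -> set[str]:
        m = re.search(r"(\d+)(\W*)$", pw)
        if not m:
            return set()
        head, digits, suffix = pw[: m.start(1)], m.group(1), m.group(2)
        return {f"{head}{int(digits) + step:0{len(digits)}d}{suffix}" for step in DIGIT_STEPS}

    def advance_season(pw: str) -> set[str]:
        out: set[str] = set()
        for word, successors in NEXT_SEASON.items():
            if word not in pw.lower():
                continue
            for nxt in successors:
                for casing in (str.capitalize, str.lower, str.upper):
                    out.add(re.sub(re.escape(word), casing(nxt), pw, flags=re.IGNORECASE))
        return out

    variants |= bump_digits(old_password)
    seasonal = advance_season(old_password)
    variants |= seasonal
    for s in seasonal:  # transformation 3: season rolled and counter bumped together
        variants |= bump_digits(s)
    variants.discard(old_password)
    return variants


def is_trivial_rotation(old_password: str, new_password: str) -> bool:
    """Defender-side check: True if `new_password` is the old one or a predictable edit of it."""
    return new_password == old_password or new_password in rotation_variants(old_password)


if __name__ == "__main__":
    leaked = "Spring2024!"  # constructed: the user's password from an earlier breach dump
    for candidate in sorted(rotation_variants(leaked)):
        print(candidate)
    print(is_trivial_rotation(leaked, "Summer2024!"), is_trivial_rotation(leaked, "correct horse battery staple"))
```

The candidate set for one leaked password is a few dozen strings, cheap to try against an online login endpoint or an offline hash. That is why a 90-day reset adds little against an attacker who already holds an old credential, while a breached-password check and MFA do.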

(Image: designer491, via Adobe Stock)


Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio
2 of 11