There are a number of problems with making users change their passwords regularly.
It can lead to users selecting weaker passwords. When users are forced to change their passwords regularly, they may choose simple passwords that are easy to remember. These passwords are easier for cyber attackers to guess.
Forcing users to change their passwords regularly can lead to password reuse. When users have to change their passwords often, they may start to use the same passwords across different accounts. This makes it easier for cyber attackers to gain access to multiple accounts if they compromise one account.
Requiring users to change their passwords frequently can also be inconvenient for them. It is difficult to remember multiple passwords, so users may be more likely to write them down if they have to change them regularly. This creates a risk if the password is written down in a place where others can access it.
Therefore, forcing users to change their passwords frequently does not provide a significant security benefit.
Here are some tips on keeping passwords secure in your organisation.
- Enable multi-factor authentication (MFA) throughout your organisation as this adds another layer of security.
- Enable single sign-on (SSO) for all business systems so users do not have to remember multiple passwords and MFA is easier to implement.
- Enforce a password policy that requires strong passwords: a longer character length and a mix of upper and lowercase letters, numbers, and symbols.
- Get IT to regularly monitor login activity to look for multiple failed login attempts or attempts from unusual locations.
- Raise awareness of cyber threats among your users with a security policy and training. Include topics such as:
  - Do not share your password with anyone, including IT.
  - Avoid using the same password for business and personal use, as personal accounts may be easier to compromise.
  - Avoid using personal information such as your name, birthday etc.
  - Enable MFA on all your accounts.
  - If you believe you have been compromised, inform IT immediately.
If a user has been compromised or may have disclosed their password to others, then a password change should be enforced.
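The login monitoring tip and the rule above (change a password on suspected compromise, not on a calendar) can be combined in a simple review script. This is an added example, not code from the original article: the event format, the five-failures-in-ten-minutes threshold, and the choice to treat a successful sign-in from a new country as the trigger for an enforced change are all assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, country, outcome).
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "GB", "success"),
    ("2024-05-01T09:05:00", "bob", "GB", "success"),
    ("2024-05-02T02:10:00", "bob", "GB", "failure"),
    ("2024-05-02T02:10:20", "bob", "GB", "failure"),
    ("2024-05-02T02:10:40", "bob", "GB", "failure"),
    ("2024-05-02T02:11:00", "bob", "GB", "failure"),
    ("2024-05-02T02:11:20", "bob", "GB", "failure"),
    ("2024-05-02T08:30:00", "alice", "GB", "success"),
    ("2024-05-03T03:15:00", "alice", "BR", "success"),
    ("2024-05-03T09:00:00", "carol", "GB", "failure"),
    ("2024-05-03T09:00:30", "carol", "GB", "success"),
]
MAX_FAILURES = 5                 # assumed threshold, tune for your environment
WINDOW = timedelta(minutes=10)   # assumed sliding window

def review_logins(events, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {user: set of reasons} for accounts that need follow-up."""
    recent_failures = defaultdict(deque)   # user -> failure times inside window
    known_countries = defaultdict(set)     # user -> countries of past successes
    findings = defaultdict(set)
    for stamp, user, country, outcome in sorted(events):
        when = datetime.fromisoformat(stamp)
        if outcome == "failure":
            fails = recent_failures[user]
            fails.append(when)
            while when - fails[0] > window:   # drop failures outside the window
                fails.popleft()
            if len(fails) >= max_failures:
                findings[user].add("repeated_failures")
        else:
            # The first success only sets a baseline; later new countries are flagged.
            if known_countries[user] and country not in known_countries[user]:
                findings[user].add("new_location")
            known_countries[user].add(country)
    return dict(findings)

def accounts_to_reset(findings):
    """Assumed policy: a successful sign-in from a new location forces a change."""
    return sorted(u for u, reasons in findings.items() if "new_location" in reasons)

if __name__ == "__main__":
    results = review_logins(EVENTS)
    print(results, accounts_to_reset(results))
```

Repeated failures on their own are reported for IT to investigate rather than treated as proof of compromise, since they show guessing attempts but not a successful sign-in.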
Please speak to one of our consultants at Archway Securities for more information on cybersecurity.