The problem with forcing regular password changes

20 April 2023
Password Changes

There are a number of problems with making users regularly change their passwords.

It can lead to users selecting weaker passwords. When users are forced to change their passwords regularly, they may choose simple passwords that are easy to remember. These passwords are easier for cyber attackers to guess.

Forcing users to change their passwords regularly can lead to password reuse. When users have to change their passwords often, they may start to use the same passwords across different accounts. This makes it easier for cyber attackers to gain access to multiple accounts if they compromise one account.

Requiring users to change their passwords frequently can be inconvenient for them. It is difficult to remember multiple passwords, so users may be more likely to write them down if they have to change them regularly. This creates a risk if the password is written down in a place where it can be accessed by others.

Therefore, forcing users to change their passwords frequently does not provide a significant security benefit.

Here are some tips on making passwords secure in your organisation.

  • Enable multi-factor authentication (MFA) throughout your organisation as this adds another layer of security.
  • Enable single sign-on (SSO) for all business systems so users do not have to remember multiple passwords and MFA is easier to implement.
  • Enforce a password policy that requires strong passwords, such as a longer length and a mix of upper and lowercase letters, numbers, and symbols.
  • Get IT to regularly monitor login activity to look for multiple failed login attempts or attempts from unusual locations.
  • Create awareness of cyber threats among your users with a security policy and training. Include topics such as:
    • Do not share your password with anyone, including IT
    • Avoid using the same password for business and personal use as personal accounts may be easier to compromise
    • Avoid using personal information such as your name, birthday etc.
    • Enable MFA on all your accounts.
    • If you believe you have been compromised, inform IT immediately.
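
The login-monitoring tip above, sketched as an added example that is not part of the original post: it flags a burst of failed logins for one account and a successful login from a country the account has not used before. The log format, the threshold of 5 failures in 10 minutes and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, country, result
SAMPLE_LOG = """\
2023-04-20T09:00:01 alice GB success
2023-04-20T09:05:10 bob GB failure
2023-04-20T09:05:40 bob GB failure
2023-04-20T09:06:05 bob GB failure
2023-04-20T09:06:30 bob GB failure
2023-04-20T09:07:00 bob GB failure
2023-04-20T11:30:00 alice GB success
2023-04-20T11:42:00 alice BR success
2023-04-20T15:00:00 carol GB failure
2023-04-20T18:00:00 carol GB failure
"""

MAX_FAILURES = 5                # assumed threshold, tune to your environment
WINDOW = timedelta(minutes=10)  # assumed sliding window for counting failures

def review_logins(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return (timestamp, user, reason) alerts for failure bursts and new-country logins."""
    failures = defaultdict(deque)  # user -> timestamps of failures inside the window
    seen = defaultdict(set)        # user -> countries with a prior successful login
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts_raw, user, country, result = parts
        ts = datetime.fromisoformat(ts_raw)
        if result == "failure":
            recent = failures[user]
            recent.append(ts)
            while ts - recent[0] > window:  # drop failures older than the window
                recent.popleft()
            if len(recent) == max_failures:  # alert when the count reaches the threshold
                alerts.append((ts_raw, user, "repeated_failures"))
        elif result == "success":
            # The first country seen for a user is the baseline and raises no alert
            if seen[user] and country not in seen[user]:
                alerts.append((ts_raw, user, "new_location:" + country))
            seen[user].add(country)
            failures[user].clear()  # a successful login resets the failure count

    return alerts

if __name__ == "__main__":
    for alert in review_logins(SAMPLE_LOG):
        print(*alert)
```

Two widely spaced failures, like carol's in the sample, stay below the threshold and raise no alert.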

If a user has been compromised or may have disclosed their password to others, then a password change should be enforced.

Please speak to one of our consultants at Archway Securities for more information on cybersecurity.
