Video of the Week – How Forced Expiration Affects Password Choice

Bruce K. Marshall delivered this great presentation discussing the history, research, and his thoughts on the “best practices” for password expiration at the Passwords 14 conference earlier this month in Las Vegas, NV. From the abstract – “Forcing users to regularly change passwords has become a standard practice for corporate networks and some web sites. But does it actually improve security or lead to more guessable passwords?”

Although Bruce offers no concrete conclusions on whether we should keep or do away with password expirations, it’s worth a watch for a lot of great historical references (e.g., the Green Book of the original DoD Rainbow Series) and a nice consolidation of research on both sides of the argument from the past 20 years. The general feel I took away from the presentation is that we need to either do away with password expirations or extend them to be much longer (e.g., a year or more) due to human factors. And if you have data so sensitive that you should change passwords more often, two-factor authentication should be used instead. But of course I’ll caveat this gut feel with the two most despised words in infosec – “it depends.”

#####

Know of good videos we should feature? Let us know in the comments below. Today’s post pic is from TheInquirer.net. See ya!

1 comment for “Video of the Week – How Forced Expiration Affects Password Choice”

  1. August 24, 2014 at 4:07 pm

    #NOVABLOGGER: Video of the Week – How Forced Expiration Affects Password Choice http://t.co/Df3Rxvx3Xs http://t.co/EDzUCPe5jU
