OUR ADVICE ON PASSWORDS

Strong password policies are essential for keeping organisations secure and protecting against various threats, including unauthorised access and hacking.

While most password policies require regular changes, typically with passwords that are lengthy and random, we recommend a different approach. We advise both our employees and customers to create strong passwords that combine uppercase letters, numbers and special characters; however, we do not mandate regular password changes, for multiple reasons.

The National Cyber Security Centre (NCSC) believes that actively forcing users to change their passwords is more of a security risk. They summarise it perfectly: “It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack”.

This is also reinforced by the National Institute of Standards and Technology (NIST). They state that “contrary to popular belief and prior standards, NIST does not suggest frequent password changes”. They explain that “individuals who are asked to change passwords frequently are much more likely to reuse an old password and merely append a number, letter, or special character to the end of it”. Experienced hackers know this trick and can predict minor changes. Moreover, if a previous password has already been compromised, any derivations of that password, including singular changes to characters, are more easily breached in the future.

Here at Pentagull, we have introduced Single Sign-On (SSO) to further enhance security. With SSO, users only require one set of credentials to access multiple systems, reducing the number of passwords that could potentially be compromised. In addition, Single Sign-On uses only one trusted identity provider to authenticate users. This centralisation makes security protocols more robust, with advanced measures such as multifactor authentication (MFA) being adopted for an extra layer of security.

On ESB, we have system monitoring tools which provide useful information, such as the last successful login of a user and the most recent date their password was changed. With this information we can inform users if we believe their account has been compromised, or simply ask the question to ensure it was them.

For more information please read what the NCSC say regarding frequent password changes.
