OUR ADVICE ON PASSWORDS

Strong password policies are essential for keeping organisations secure and protecting against various threats, including unauthorised access and hacking.

While most password policies require regular changes, typically with passwords that are lengthy and random, we recommend a different approach. We advise both our employees and customers to create strong passwords that combine uppercase letters, numbers and special characters; however, we do not mandate regular password changes, for multiple reasons.

The National Cyber Security Centre (NCSC) believe that it’s more of a security risk to actively force users to change their passwords. They summarise it perfectly: “It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack”.

This is also reinforced by the National Institute of Standards and Technology (NIST). They state that “contrary to popular belief and prior standards, NIST does not suggest frequent password changes”. They explain “individuals who are asked to change passwords frequently are much more likely to reuse an old password and merely append a number, letter, or special character to the end of it”. Experienced hackers know this trick and can predict minor changes. Moreover, if a previous password has already been compromised, any derivations of that password, including single-character changes, are more easily breached in the future.

Here at Pentagull, we have introduced Single Sign-On (SSO) to further enhance security. With SSO, users only require one set of credentials to access multiple systems, reducing the number of passwords that could potentially be compromised. In addition, Single Sign-On uses only one trusted identity provider to authenticate users. This centralisation makes security protocols more robust, with advanced measures such as multifactor authentication (MFA) adopted for an extra layer of security.

On ESB, we have system monitoring tools which provide useful information, such as the last successful login of a user and the most recent date their password was changed. With this information we can inform users if we believe their account has been compromised, or simply ask them to confirm that the activity was theirs.

For more information please read what the NCSC say regarding frequent password changes.
