OUR ADVICE ON PASSWORDS

Strong password policies are essential for keeping organisations secure and protecting against various threats, including unauthorised access and hacking.

While most password policies require regular changes, typically with passwords that are lengthy and random, we recommend a different approach. We advise both our employees and customers to create strong passwords that combine uppercase letters, numbers and special characters. However, we do not mandate regular password changes, for multiple reasons.

The National Cyber Security Centre (NCSC) believe that it’s more of a security risk to actively force users to change their passwords. They summarise it perfectly: “It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack”.

This is also reinforced by the National Institute of Standards and Technology (NIST). They state that “contrary to popular belief and prior standards, NIST does not suggest frequent password changes”. They explain that “individuals who are asked to change passwords frequently are much more likely to reuse an old password and merely append a number, letter, or special character to the end of it”. Experienced hackers know this trick and can predict minor changes. Moreover, if a previous password has already been compromised, any derivations of that password, including single-character changes, are more easily breached in the future.
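One way a password-change form could catch the derivations NIST describes, as an added example that is not Pentagull's code or part of the original article. It assumes the check runs at change time, when the user has just typed their current password, and the function names, the two-edit threshold and the sample passwords are all constructed for illustration.

```python
import re

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def core(password: str) -> str:
    """Lowercase, then strip leading/trailing digits and symbols."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())

def derivation_reason(current: str, new: str, max_edits: int = 2):
    """Return why `new` is a derivation of `current`, or None if it is not.

    Both arguments are plaintext supplied in the same change request
    (assumption); nothing here needs a stored plaintext password.
    """
    if new.lower() == current.lower():
        return "same password apart from letter case"
    # An all-digit or all-symbol password has an empty core; skip this rule.
    if core(new) and core(new) == core(current):
        return "same base, only leading/trailing digits or symbols differ"
    if edit_distance(current.lower(), new.lower()) <= max_edits:
        return f"within {max_edits} character edits of the current password"
    return None

if __name__ == "__main__":
    current = "Harbour-Lantern7"          # constructed sample value
    for candidate in ("Harbour-Lantern8", "Harbour-Lantern7!",
                      "harbour-lantern7", "Harbour-Lamtern7",
                      "copper-violin-sunrise"):
        print(f"{candidate!r}: {derivation_reason(current, candidate) or 'accepted'}")
```
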

Here at Pentagull, we have introduced Single Sign-On (SSO) to further enhance security. With SSO, users need only one set of credentials to access multiple systems, which reduces the number of passwords that could potentially be compromised. In addition, Single Sign-On uses only one trusted identity provider to authenticate users. This centralisation makes security protocols more robust and allows advanced measures, such as multifactor authentication (MFA), to be adopted for an extra layer of security.

On ESB, we have system monitoring tools which provide useful information, such as the last successful login of a user and the most recent date their password was changed. With this information, we can inform users if we believe their account has been compromised, or simply ask them to confirm that the activity was theirs.

For more information please read what the NCSC say regarding frequent password changes.
