Password Advice

Robust password policies are vital to help organisations remain secure and protect against a range of attacks such as unauthorised access or hacking.

Almost all password policies call for regular password changes and for passwords that are long and as random as possible. We suggest to both our employees and customers that using a strong password, with a mix of capitalised letters, numbers and special characters, is the most effective way of reducing the chance of being compromised by unauthorised access. However, we don’t force regular password changes, for several reasons.

The National Cyber Security Centre (NCSC) believe that it’s more of a security risk to actively force users to change their passwords. They summarise it perfectly: “It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack”.

This is mainly due to the fact that most replacement passwords tend to be slight variations of previous ones. Users who are required to change their passwords on a regular basis are likely to choose weaker and weaker passwords each time so that they can remember the most recent one. This behaviour can be exploited easily: for example, if an attacker gets hold of a previous password, they’re likely to figure out the new one if it’s similar.
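As an added example (not from the original article and not Pentagull's own code), the following check flags a new password that is a near-variation of the one it replaces, the pattern described above. The function names, the look-alike substitution table and the distance threshold of 2 are assumptions chosen for illustration.

```python
import re

# Assumed table: common look-alike characters folded back to letters.
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                             "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(password: str) -> str:
    """Reduce a password to its memorable root: fold case, drop a trailing
    run of digits/symbols (counters, years, '!'), undo look-alike swaps."""
    lowered = password.lower()
    root = re.sub(r"[\d\W_]+$", "", lowered)
    if not root:  # all digits/symbols: keep the whole string as the root
        root = lowered
    return root.translate(_LOOKALIKES)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_variation(old: str, new: str, max_distance: int = 2) -> bool:
    """True if `new` is a small edit of `old` or shares its root.
    Usable only at change time, when the user supplies the old password in
    plaintext; stored hashes cannot be compared this way."""
    if edit_distance(old, new) <= max_distance:
        return True
    return normalise(old) == normalise(new)


if __name__ == "__main__":
    # Constructed sample pairs (old password, proposed new password).
    for old, new in [("Summer2023!", "Summer2024!"),
                     ("P@ssw0rd1", "Password2024!"),
                     ("Summer2023!", "Autumn2024#")]:
        print(f"{old!r} -> {new!r}: variation={is_variation(old, new)}")
```
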

Another downside of frequent password changes is that the new password is more likely to be written down so that it can be remembered, and left in vulnerable locations. Not to mention there’s an increased chance that a user might forget their password altogether.

At Pentagull we use system monitoring tools on ESB which provide useful information, such as the user’s last successful login and the most recent date that their password was changed. With this information we can inform users if we believe their account has been compromised, or simply ask the question to ensure it was them.

For more information click the following link to understand what the NCSC say regarding frequent password changes.
