Cheron Wheal

In the first quarter of 2019, malware attacks increased by 22% compared to the first quarter of 2018. According to Amin Hasbini, head of global research and analysis for Kaspersky in the Middle East, Turkey and Africa, this means that there are about 13 842 attempted cyber attacks in South Africa per day.

According to the Devolutions blog, NIST (the US National Institute of Standards and Technology) used to urge companies to enforce two longstanding password management policies: one requiring users to choose highly complex passwords and the other requiring users to change their passwords regularly.

Recently, however, NIST has changed its standpoint and is now encouraging companies to let users choose simple passwords (not ridiculously simple) and to no longer require them to change their passwords on a regular basis. In doing this, NIST hopes to close the gap between what users are supposed to do in theory and what many of them do in reality.

In theory, users are supposed to understand the importance of password management and therefore actively and willingly choose a highly complex password for each account and change it regularly.

However, in practice, too many users fail to understand the importance of complex passwords and regular changes. As a result, they will use the same complex password for multiple accounts, and when they are encouraged to change their password, they use something similar to the original – making their account easier to hack.

Best Practices:

To adapt to this new normal in the world of password management, it is recommended to adopt the following best practices:

1. Screen Your Passwords

Screen any of your new passwords against a list of commonly used ones.

2. Use Passphrases Instead of Passwords

A passphrase is much longer than a regular password – making your account far less vulnerable to attack.

3. Implement 2FA

It might not be bulletproof; however, implementing two-factor authentication will help fight against unauthorised access.
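
Practice 1 in code, as an added example that is not from the original article: screening a new password against a list of commonly used ones, including the simple variants users tend to produce (capitalisation, character substitutions, appended digits or symbols). The blocklist is a small constructed sample, and the names `candidate_forms` and `is_common` are hypothetical.

```python
import unicodedata

# Constructed sample blocklist; a real deployment would load a large list
# of commonly used passwords from a file.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}

# Character substitutions users apply to "strengthen" a weak password.
# "1" is ambiguous (l or i), so two translation tables are tried.
_SUBS = {"@": "a", "4": "a", "0": "o", "3": "e", "$": "s", "5": "s", "7": "t", "!": "i"}
LEET_TABLES = [
    str.maketrans({**_SUBS, "1": "l"}),
    str.maketrans({**_SUBS, "1": "i"}),
]

# Digits and symbols commonly appended to a base word, e.g. "welcome2019!".
SUFFIX_CHARS = "0123456789!@#$%^&*?.-_"


def candidate_forms(password):
    """Return the normalised variants of a password to look up in the blocklist."""
    base = unicodedata.normalize("NFKC", password).casefold()
    stripped = base.rstrip(SUFFIX_CHARS)
    forms = set()
    for text in (base, stripped):
        forms.add(text)
        for table in LEET_TABLES:
            forms.add(text.translate(table))
    forms.discard("")  # an all-digit password strips down to nothing
    return forms


def is_common(password, blocklist=COMMON_PASSWORDS):
    """True if the password, or a simple variant of it, is on the blocklist."""
    return not candidate_forms(password).isdisjoint(blocklist)


if __name__ == "__main__":
    for pw in ["Password", "P@ssw0rd1!", "welcome2019!", "l3tme1n",
               "correct horse battery staple"]:
        print(f"{pw!r}: {'rejected' if is_common(pw) else 'accepted'}")
```

An exact-match lookup would accept "P@ssw0rd1!" and "welcome2019!"; normalising before the lookup is what catches them, while a long passphrase passes untouched.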

 

You can read the full article here: https://blog.devolutions.net/2019/03/surprise-nist-changes-course-and-advises-against-regularly-changing-passwords