With Marshal John Mdeza:
Microsoft has been evangelising the ‘change your passwords often’ gospel for as long as I can remember. It went as far as building the practice into its server software as a default policy.
Office workers connected to a company’s network had to change their passwords every 60 days. A nagging message would pop up counting down the days left before access would be denied if the password were not changed. The Windows domain default has long been stricter still: a maximum password age of 42 days, with 60 days being the figure Microsoft’s own security baselines recommended.
Microsoft convinced us this was important to curb the bad habit of sharing passwords. People being what they are, they share passwords even with outsiders and so compromise a company’s systems. By changing passwords often, an intruder who had obtained one would have only a limited window in which to wreak havoc. Fair enough.
Microsoft has now admitted that this is a stale piece of security dogma. Today’s attackers are far more sophisticated and do not need that much time. 60 or 42 days is an eternity to them: if a password leaks today, an attacker needs only minutes to cause every imaginable kind of trouble. Worse, a stolen password is usually used at once, so a rotation scheduled weeks later closes the door long after the intruder has walked through it.
Microsoft goes further: periodic password resets actually weaken a system. They expose it to attacks rather than protecting it. You may be surprised; you have probably believed for years that changing your password often protects your corporate systems. Well, I have some bad news for you.
It is human nature to hate remembering passwords, and that is made worse when people must memorise a new one every 42 days. So what do people do? They choose simple passwords that are easy to remember, or they make a trivial change to the old one.
That is why people use passwords such as password, password123, password12345 and other easy variants. What is wrong with such passwords, you may ask? They are entirely predictable, and they make an attacker’s job trivially easy: a password-guessing tool tries exactly these variants first.
Want proof? Take a Wi-Fi network you are authorised to test and try variants of password; password123, password1234 and so on. I assure you that you will thank me for it. I am not saying that you should go around doing this to other people’s networks; I am just emphasising a point.
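The point above, that a forced change usually produces a trivial variant of the old password, can be turned into a check. The PowerShell below is an added example, not code from this column or from Microsoft: it strips the trailing digits and symbols people bolt on, undoes the usual character substitutions, and then asks whether what is left is a banned base word. The base-word list is a small constructed sample; a real deployment would use a much larger one.

```powershell
# Added example, not code from the column: flag passwords that are trivial
# variants of a banned base word. The base-word list is a constructed sample;
# a real banned-password list is far larger.
$BannedBaseWords = @('password', 'welcome', 'letmein', 'qwerty', 'admin', 'summer')

function Test-PredictablePassword {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Password)

    # 1. Lower-case and drop the trailing digits/symbols users append when
    #    forced to "change" a password (password123, Welcome2019!)
    $core = $Password.ToLowerInvariant() -replace '[\d\W_]+$', ''

    # 2. Undo the usual character substitutions (P@ssw0rd -> password)
    $core = $core -replace '@', 'a' -replace '\$', 's' -replace '0', 'o' `
                  -replace '1', 'i' -replace '3', 'e' -replace '4', 'a' `
                  -replace '5', 's' -replace '7', 't'

    # 3. Anything that collapses to a banned base word is predictable,
    #    however clever the raw string looked
    return ($core -in $BannedBaseWords)
}

# Constructed sample inputs: the first three are the kind of "new" password
# a 42-day rotation produces; the last two are not trivial variants.
$samples = 'Password123', 'P@ssw0rd!', 'Summer2024!', 'Tr0ub4dor&3', 'correct horse battery staple'
foreach ($p in $samples) {
    '{0,-30} predictable: {1}' -f $p, (Test-PredictablePassword -Password $p)
}
```

The normalisation is deliberately crude: it only needs to catch what a tired user does at a password prompt, not every trick in a cracking wordlist. Run it against a proposed password at change time, or against a password dump from a test, and you will see how little forced rotation actually changes.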
What shall we then do about these things? Microsoft recommends that system administrators encourage users to choose strong passwords: long ones, combining letters, numbers, special characters and upper and lower case. Its guidance goes further than complexity rules, though: ban known-bad passwords outright, add multi-factor authentication and watch for password-guessing attacks, rather than relying on the calendar.
Microsoft is accordingly withdrawing the forced-change requirement: it has dropped password expiry from its recommended security baselines for Windows 10 and Windows Server, and the setting survives only as an option an administrator can still choose.
That is the thing about technology: what was a truism yesterday may be a fallacy tomorrow. Have the ears of a hare! Otherwise it does not take long for a professional in this field to become outdated.
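For an administrator who wants to act on this, here is the domain policy change in PowerShell. It is an added example, not Microsoft’s own script: it assumes the ActiveDirectory module (RSAT) on a domain-joined host and domain-admin rights, and it takes a zero MaxPasswordAge as meaning “never expire” (an assumption to confirm in your own environment). The legacy setting is shown commented out beside the corrected one.

```powershell
# Added example, not Microsoft's code: inspect and adjust the default domain
# password policy. Assumes the ActiveDirectory (RSAT) module and domain-admin
# rights; run from a domain-joined administrative host.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot

# Current settings. A MaxPasswordAge of 42 days is the long-standing Windows default.
Get-ADDefaultDomainPasswordPolicy -Identity $domain |
    Select-Object MaxPasswordAge, MinPasswordLength, ComplexityEnabled,
                  LockoutThreshold, PasswordHistoryCount

# Weak (legacy) setting: forced rotation every 42 days, short minimum length.
# Set-ADDefaultDomainPasswordPolicy -Identity $domain `
#     -MaxPasswordAge (New-TimeSpan -Days 42) -MinPasswordLength 8

# Corrected setting: no forced expiry (zero TimeSpan is assumed to mean
# "never expire"), a longer minimum, complexity on, and a lockout so that
# password-guessing attacks are slowed and logged instead of ignored.
Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -MaxPasswordAge (New-TimeSpan -Days 0) `
    -MinPasswordLength 14 `
    -ComplexityEnabled $true `
    -PasswordHistoryCount 24 `
    -LockoutThreshold 10 `
    -LockoutDuration (New-TimeSpan -Minutes 15) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15)

# Confirm the change took effect
Get-ADDefaultDomainPasswordPolicy -Identity $domain |
    Select-Object MaxPasswordAge, MinPasswordLength, LockoutThreshold
```

Run the Set-ADDefaultDomainPasswordPolicy call with -WhatIf first; it changes the policy for every account in the domain. Dropping expiry only makes sense alongside the other controls in the block: a banned-password list and multi-factor authentication do the work that the calendar never really did.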
I have warned you.
A vibrant writer who gives a great insight on hot topics and issues