We do not possess the ability to read the future, and yet we can predict with a high level of certainty that we will see more major cybersecurity incidents in 2016 and 2017.
The world’s cybersecurity capability is not advancing in line with the growing number of vulnerabilities. We face more and more threats each day, and hackers are becoming more sophisticated.
Why? Because in the essential early stages, the internet was not designed with security in mind, but rather to ensure connectivity.
Hence, dear IT managers, it’s time we talk. First of all, we know you mean well.
We know you think you’re helping, but when you request that your co-workers’ passwords change frequently (e.g. four times a year), you’re not just driving them mad, you’re actively making your systems less secure.
And we base this claim on scientific research.
In short, the research showed that when people are forced to change their passwords on the regular, they don’t put a whole lot of mental muscle behind it. Instead, people tend to create passwords that follow predictable patterns, e.g.:
- changing a letter to a similar-looking symbol (for example, changing an S to a $),
- adding or deleting a special character (for example, going from three exclamation points at the end of a password to two),
- switching the order of digits or special characters (for example, moving the numbers to the beginning instead of the end).
Admit it, that sounds familiar, even to you IT specialists, right? If not, you are a password hero. We all love routine, right? It’s how our brains work. Hackers love that we love routine, too.
So you would do better to teach your employees how to create a strong password than to force them to change it regularly.
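
The three patterns listed above can be recognised at the moment a user changes a password, when the change form supplies both the old and the new value. The following is an added example, not code from the research or from this article; the function name, the labels and the look-alike table are assumptions, and the sample passwords are constructed.

```python
# Added example: flag a new password that is only a predictable rewrite of the old one.
# LOOKALIKES is a small constructed table, not an exhaustive one.
LOOKALIKES = str.maketrans({"$": "s", "@": "a", "!": "i", "0": "o", "1": "l", "3": "e"})


def _letters(pw):
    """Letters only, lower-cased, in their original order."""
    return "".join(c for c in pw if c.isalpha()).lower()


def _digits(pw):
    """Digits only, in their original order."""
    return "".join(c for c in pw if c.isdigit())


def _others(pw):
    """Digits and special characters as a sorted list (position ignored)."""
    return sorted(c for c in pw if not c.isalpha())


def predictable_change(old, new):
    """Return a label for the pattern that links old and new, or None."""
    if old == new:
        return "unchanged"
    # Pattern 1: letter swapped for a similar-looking symbol (case is ignored).
    if old.lower().translate(LOOKALIKES) == new.lower().translate(LOOKALIKES):
        return "character-substitution"
    if _letters(old) == _letters(new):
        # Pattern 3: same digits and specials, only moved to another position.
        if _others(old) == _others(new):
            return "reordered-digits-or-specials"
        # Pattern 2: same letters and digits, a special character added or deleted.
        if _digits(old) == _digits(new):
            return "special-character-added-or-removed"
    return None


if __name__ == "__main__":
    # Constructed sample pairs (old, new), one per pattern plus an unrelated one.
    samples = [
        ("Sunshine2016", "$unshine2016"),
        ("Summer!!!", "Summer!!"),
        ("Summer2016!", "2016!Summer"),
        ("Summer2016!", "violet-Tractor-9-lamp"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {predictable_change(old, new)}")
```

A non-`None` result is a cue to ask the user for a genuinely new password rather than a variation of the previous one.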