Chris Mayers, Chief Security Architect, Citrix, commented on the on the Government’s new password guidance.
[su_note note_color=”#ffffcc” text_color=”#00000″]Chris Mayers, Chief Security Architect, Citrix :
“For more than ten years, security professionals have been saying that conventional password policies are senseless. It’s ludicrous to expect people to think up complex passwords, remember them, and then change them frequently. The most egregious is the “three strikes” rule for password attempts, which has no scientific justification whatsoever; research in 2003 showed that 10 attempts was a reasonable number.
“Now, the government has issued “Password guidance: simplifying your approach”. Like other recent government security guidance, it is brief, clear, and self-explanatory – a model that industry should follow. Here’s another simple rule from the guidance: ‘Regular password changing harms rather than improves security, so avoid placing this burden on users. However, users must change their passwords on indication or suspicion of compromise.’
“There’s an accompanying infographic. If you are the security chief, print it out, and hand it to your team to action. If you’re not, slide a copy under the security chief’s office door.”[/su_note][su_box title=”About Citrix” style=”noise” box_color=”#336588″]At Citrix, we measure the value of technology by how it benefits people. It’s about what they need to do and what they need to achieve. This vision inspires us to build mobile workspace solutions that give people new ways to work better with seamless and secure access to the apps, files and services they need on any device, wherever they go.
Because in this new era, work is no longer a place – it’s something you do anywhere inspiration strikes. This is better for people, better for IT and better for business. Through our innovation, commitment and a compelling vision of the future of work, we’re making a difference every day at thousands of organizations in every corner of the globe. What we do at Citrix is more than a game changer; it’s a life changer.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.