Richard Walters at Intermedia commented on the Password guidance: simplifying your approach, which suggests that complex passwords are no longer recommended.
[su_note note_color=”#ffffcc” text_color=”#00000″]Richard Walters, General Manager and Vice President of Identity and Access Management (IAM) at Intermedia :
“The report from CESG is full of excellent advice on improving password security. Much of the advice is only relevant to in-house applications and does not apply to SaaS based applications where password complexity, policies and account locking is in the hands of the SaaS vendor. Certainly reducing or removing the human element from password selection and change is positive – and particularly powerful when combined with Single Sign-On (SSO). Users do not need to know their passwords to individual applications – and so they can be long, strong and unique across each service or account. Passwords can also be changed frequently and become more similar to the tokens and assertions used within federated identity standards. Passwords should wherever possible be combined with other technologies and techniques. Two-factor authentication is obvious – using push notifications for an improved user experience. Less obvious is looking at contextual information at the moment an access request is made. Where is the user? Are they in a trusted location and geo-location (country)? Are they using a trusted device? If the answer to one or both of those questions is ‘no’ then perhaps the risk associated with allowing access is too high – regardless of whether the password supplied is correct or not. After all, passwords are far from impossible to discover as the CESG report points out”.[/su_note]
[su_box title=”About Intermedia” style=”noise” box_color=”#336588″]Intermedia is a one-stop shop for cloud business applications. Its Office in the Cloud(tm) suite integrates the essential IT services that SMBs need to do business, including email, file syncing and sharing, conferencing, instant messaging, identity and access management, mobility, security and archiving. Office in the Cloud goes beyond unified communications to encompass a wide breadth of fundamental IT services, delivered by a single provider.Think of Office in the Cloud as your “Business Cloud Platform.” Intermedia’s services are integrated into its HostPilot(R) Control Panel. This means you’ve got just one login, one password, one bill and one source of support–which makes the cloud easier to use and more efficient to manage.Intermedia further streamlines the experience by offering enterprise-class security, a 99.999% uptime service level agreement and 24/7 phone support with typical hold times of less than 60 seconds.Intermedia serves over 65,000 businesses and has more than 5,500 active partners, including VARs, MSPs, telcos and cable companies. Its award-winning Partner Program lets partners sell under their own brand with control over billing, pricing and other elements of their customer relationships. Intermedia is the world’s largest independent provider of hosted Exchange.
Intermedia has over 600 employees worldwide who manage numerous datacenters to power its Office in the Cloud–and who work to deliver customers and partners Intermedia’s Worry-Free Experience(tm).[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.