#teissLondon2020: NCSC Shares Six Tips for Secure Password Management


Speaking at The European Information Security Summit in London, Helen L, technical director for sociotechnical security at the National Cyber Security Centre, discussed strategies for effective password management within the enterprise.





Helen L challenged common, traditional password management strategies, saying that “what looks good in theory and on paper, may not work in the real world.”





If a person who typically has around 50 different passwords across their work and home life conscientiously followed standard security advice, they would be expected to remember the equivalent of the order of nine shuffled decks of cards, she said.  





“I don’t think the average person using passwords would be able to do that,” she added, and traditional password security policies often lead to people using workarounds (such as reusing passwords, writing passwords down, sharing passwords, etc.) that result in weaker security than there was to begin with.





Therefore, different approaches to password management are needed, Helen L said, highlighting six pieces of advice that the NCSC is promoting.





Tip one: Reduce your organization’s reliance on passwords



Passwords have been the default authentication method for too long and are often used when another method is more suitable.

Tip two: Implement technical solutions



Your system’s security should always rely on effective technical defenses rather than user behavior, so solutions should be used to remove the burden from users.

Tip three: Protect all passwords



While all passwords should be protected, the accounts they protect are not all the same, so time and effort should be ..
