Why do we need to control passwords?
Many companies have outdated password rules that make it challenging for employees to manage. Some rules even make passwords less secure.
Several years ago, the National Institute of Standards and Technology (NIST) released its recommendations for passwords in the workplace. At the time, they seemed wise. However, many organizations and security firms have studied how passwords are used and how much they protect businesses.
Turns out, many of the “best practices” we’ve been taught are not helping and, in some cases, are making company data less secure. How? Many companies were enforcing outdated rules their IT departments taught them: random strings of numbers, letters, and capitalization would make for strong passwords.
We’ve found that random passwords are very difficult for most people to recall. So, people end up creating bad habits: like writing passwords on sticky notes and pasting them to their monitors or under their keyboards. They would reuse complex passwords on multiple sites, meaning their entire identity could be breached.