The creation and use of passwords is one of the areas where websites and mobile apps lay down rules for making them as safe as possible. However, a federal agency thinks some of the requirements do more harm than good to the industry.
A new proposal from the National Institute of Standards and Technology (NIST) has been proposed to protect people’s digital identities from fraud by developing some guidelines. One of them is banning password requirements, which cybersecurity experts have long considered obsolete. It is no longer necessary to request special characters, like “%” and “$,” for instance, for some type of input. It is also no longer necessary to ask users to identify their children’s favourite pet or their first pet as security questions.
First and foremost, it is important to understand why it is not only ineffective to change the password every six months but can make it more difficult to secure users’ accounts. When people are forced to change their passwords every few months or so due to security restrictions, they tend to choose the path of least resistance by simply changing a couple of characters within their existing passwords to achieve maximum security. This indeed makes the user’s new password easier to remember, however, it also means that hackers who have already accessed a user’s system or have run into an existing password they might have used before can easily guess the new password.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: