Enough already with the strength meters and frequent changes, says security agency
11 Sep 2015 at 04:58, Darren Pauli
Britain's spy agency GCHQ has changed its password security guidance in a new document offering sensible advice that, if followed, should harden systems and make life easier for admins and users.
The guidance advocates a ban on password strength meters, mandatory resets, and predictable combinations, instead encouraging brute-force rate limiting and reduced access controls.
The advice is not for the likes of GCHQ itself, which should maintain its own air-gapped, Faraday-caged security systems according to risk appetite.
The guide covers the obvious, such as how passwords can be cracked and the need to change from pre-installed defaults, but also offers solid advice: admins should only dole out passwords where they are required and should allow the use of password storage lockers.