Retrospective: Password Aging

A look back at 2008

And a radical manifesto of the timer
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .

In 2008 I wrote an article, published in Hoosier Banker magazine, that we have since called “The Password Manifesto.”

In 2023, I asked ChatGPT to summarize that article.  Here’s the summary:

The article, titled “Sometimes Say Never: A Manifesto!” by Dan Hadaway, discusses the topic of password aging and proposes a paradigm shift in the way it is managed. Pointing out that the control was developed in the 1980’s, when it took more than 90 days to guess a password, the author challenges the conventional practice of forcing users to change their passwords regularly, and argues that it may not be the most effective security measure.

Dan highlights that enforcing frequent password changes can lead to weaker passwords, increased support costs, and the likelihood of passwords being written down. Instead, he suggests that strong awareness training and implementing strong password guidelines can significantly improve security.

The author presents a concept called the “core password,” where users have one strong core password for their business accounts and a different one for personal accounts. Descriptors are added before or after the core password to help users remember their passwords for different applications.

Dan proposes that in certain circumstances, organizations should consider extending the password expiration requirement to “never” for network logins if strong awareness training is in place. This approach, combined with strong passwords, can reduce the risk that password expiration was initially designed to mitigate.

Overall, the article calls for a reevaluation of password aging policies and advocates for a stronger focus on education and encouraging users to adopt strong, unique passwords.

Original article by Dan Hadaway CRISC CISA CISM. Founder and Information Architect, infotex

Dan’s New Leaf” – a fun blog to inspire thought in  IT Governance.



Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Considerations – Why you should choose infotex, Inc. as your next MSOC!

Reasons why we should be considered! infotex provides a number of services that can be checked out if you click over to! We even made a movie with all the reasons why infotex...

The Magnificent Seven 2023

Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcom...