One focus of the Windows 10 operating system was improved overall security. While it still dwarfs its older versions in comparison, one aspect even your operating system can’t fix by itself is user behavior.
That’s right: your operating system can only assist, guide, or require you to change your password, never focusing on its complexity. Microsoft has long stood by its policy that passwords should expire after so many days, to prevent compromised credentials. Numerous studies show that, when push comes to shove, in most cases employees who are forced to change passwords make a small alteration to the existing password and hit save. For many, this means tagging symbols and numbers onto the beginning or end of our credentials to fulfill the task before beginning our work.
In its latest release, Feature Update #1809, Microsoft updated password policies in the operating system, including many changes to native applications’ security baseline, making ALL passwords expire by force. Although this doesn’t impact password length, history, or complexity, we’re moving towards much more secure environments. Many of these vulnerabilities, 77 in total, relate to business-line products used in our everyday working life. These won’t be the only changes. Those utilizing the following Microsoft solutions will receive security updates for two zero-day events: Internet Explorer, Microsoft Edge, Microsoft Office, Azure DevOps, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Microsoft Exchange Server.
Businesses and their employees should always keep a security-focused mindset, whether it comes from Security Awareness Training or from just knowing what role passwords play in an attack. To sufficiently secure their data, organizations seek updated security tools to address their concerns and look towards in-house experts and close working relationships to build the latest guidance for securing employees and business data.
- Banned Passwords
Built to battle simple passwords. Sticking with default passwords makes the job much less frustrating for hackers. By stopping employees from using passwords like “123456” and “1Password!!”, your organization can block the use of these commonly stolen credentials, making the environment more secure for employees.
- Multi-Factor Authentication
Known by many as “MFA,” it has become common practice in most industries to require every employee within the organization to use more than one path for authentication. This stance should apply across your entire business, even to employees who ONLY have access to email.
By employing these alternative controls, businesses can begin leveraging employees as their first line of defense. Begin to offset the potential for the increased security vulnerabilities and risks commonly seen today: by educating your employees on proper password hygiene, length, and complexity, your business can easily meet the security needs of your customers and your employees.
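The following is an added example, not code from Microsoft or from any product named on this page. It sketches how a banned-password check can catch both the passwords quoted under Banned Passwords and the habit described earlier of tagging symbols and numbers onto an existing password. The ban list, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment loads a much larger set of
# commonly used and breached passwords.
BANNED = {"123456", "password", "qwerty", "welcome", "letmein"}

# Look-alike substitutions undone before comparison (assumed mapping).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def base_form(password):
    """Lower-case, drop digits/symbols tagged onto either end, undo look-alikes."""
    lowered = password.lower()
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    # An all-digit or all-symbol password has no core; compare it as typed.
    return core.translate(LEET) if core else lowered


def check_password(new, current=None):
    """Return the reasons to reject `new`; an empty list means accepted.

    `current` is the password the user typed to authorise the change, so the
    comparison needs no stored plaintext.
    """
    reasons = []
    base = base_form(new)
    if new.lower() in BANNED or base in BANNED:
        reasons.append("banned")
    if current is not None and base == base_form(current):
        reasons.append("minor-change")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: (new password, current password or None).
    samples = [
        ("123456", None),
        ("1Password!!", None),
        ("P@ssw0rd2024", None),
        ("Summer2024!!", "Summer2023!"),
        ("correct horse battery staple", "Summer2023!"),
    ]
    for new, current in samples:
        print(f"{new!r:35} -> {check_password(new, current) or 'accepted'}")
```

A password that meets typical complexity rules, such as “1Password!!”, is still rejected here because its base form is on the ban list.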
Want the experts to educate your staff and assist your network hygiene efforts? Give us a call today!