The automatic password expiration date never made total sense. If one has a great password that has not been compromised, then why change it?
I mean, what are the odds the new one is any better and would not be hacked sooner?
There is some logic to it, and it does make some sense for certain individuals and companies that would be natural targets for attack, but for most individuals it really had no value.
Plus, if one combines this with the change from traditional passwords to a series of four words, which is virtually unbreakable today, then the password should not require changing unless there is an indication that it has been stolen.
Above graphic image from: xkcd.com/936
While this is the latest in password technology, it is not the final word – more changes will come.
For example, biometric and other types of password validation methods will become the norm as well. And just as keyboards may fade away over time, so might today's traditional passwords.
Cyber attacks will continue to grow over time and executives will remain accountable for taking the steps necessary to protect corporate data.
While there may be dependencies on the application and system vendors that incorporated password methodologies, small business owners and IT executives should modify relevant configurations and policies where possible to address the changes. This shift to the new directives should get priority, and the word should be disseminated to employees and users of company systems.
Small business owners and IT executives should update their password methodologies to incorporate the latest NIST thinking and implement it throughout the organization as quickly as possible.
About the author
Mr. Braunstein serves as Chairman/CEO and Executive Director of Research at the Robert Frances Group (RFG). In addition to his corporate role, he helps his clients wrestle with a range of business, management, regulatory, and technology issues.
He has deep and broad experience in business strategy management, business process management, enterprise systems architecture, financing, mission-critical systems, project and portfolio management, procurement, risk management, sustainability, and vendor management. Cal also chaired a Business Operational Risk Council whose membership consisted of a number of top global financial institutions.