
Why selecting a good, but memorable password is key.
Here at Why Settle we currently work off the ‘NIST guideline for password policies’. The current guidance, in place since 2016, states that forcing users to reset their passwords periodically increases risk.
Below are two articles which explain it well:
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/
https://www.sans.org/security-awareness-training/blog/time-password-expiration-die
As such, we usually implement the password policy below on clients’ domains and email servers, meaning that your users cannot choose a ‘bad’ password.
– We do not have a password expiration policy in place.
– “You must choose a strong password that contains 9 to 16 characters, a combination of letters, and at least one number or symbol”
Because of the above, the advice is: pick something long, secure and memorable, such as combining two or three words with punctuation.
Non-expiring passwords only work when a long and secure password is used, and the password is unique – not shared with other sites or logins.
Inside the office, we have recently been using a custom-developed tool to aid the password choice process; there are only so many random passwords a mind can create on the helpdesk before repeating the same ones or making bad passwords.
If it is of help to anyone, you can access it here:
https://whysettle.co.uk/passphrase/
P.S. Below is an example of good and bad password choices when following the above methodology.

| Bad | Good |
|---|---|
| Summer2020 (or any season!) | Daylight#Only!5 |
| Kidsname! (or KidsnameBIRTHDATE) | Bedroom/Circular*3 |
| Blue2019 | Most#Uppermost#4 |
| Apple20 | Hay*Lead#Band#0 |
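To make the two pieces above concrete, here is an added worked example (written for this page, not the Why Settle tool or any code from the original post). It implements a checker for the stated 9-to-16-character policy, a generator that follows the word/symbol/word/symbol/digit pattern the table's "Good" column uses, and an entropy estimate showing why the size of the word list matters. The word list and symbol set are constructed for illustration and are assumptions; the real tool's list is not on the page.

```python
import math
import secrets
import string

# Constructed word list for illustration only (assumption): the Why Settle
# tool's real list is not on the page. A real list should hold thousands of
# words; short words are included so three-word phrases fit the length cap.
WORDS = [
    "Hay", "Lead", "Band", "Most", "Only", "Daylight", "Bedroom", "Circular",
    "Garden", "Copper", "Window", "Harbour", "Lemon", "Silver", "Tunnel",
    "Forest", "Oak", "Ink", "Fox", "Sky", "Tea", "Jam", "Rope", "Mint",
    "Iron", "Fern", "Moss", "Pine",
]
# Punctuation seen in the page's examples plus one extra symbol (assumption).
SYMBOLS = "#!*/"

# Policy stated on the page: 9 to 16 characters, a combination of letters,
# and at least one number or symbol.
MIN_LEN, MAX_LEN = 9, 16


def meets_policy(password: str) -> bool:
    """Return True if the password satisfies the stated character policy."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        return False
    has_letter = any(c.isalpha() for c in password)
    has_digit_or_symbol = any(
        c.isdigit() or c in string.punctuation for c in password
    )
    return has_letter and has_digit_or_symbol


def build_candidate(word_count: int, rng) -> str:
    """Word, symbol, word, symbol, ..., final digit: the table's pattern."""
    parts = []
    for _ in range(word_count):
        parts.append(rng.choice(WORDS))
        parts.append(rng.choice(SYMBOLS))
    parts.append(rng.choice(string.digits))
    return "".join(parts)


def generate_passphrase(word_count: int = 2, rng=secrets, attempts: int = 500) -> str:
    """Generate a policy-compliant passphrase, using a CSPRNG by default.

    `rng` only needs a .choice() method: the `secrets` module provides one,
    and random.Random(seed) can be passed in for reproducible tests.
    Candidates that exceed the 16-character cap are discarded and redrawn.
    """
    if word_count not in (2, 3):
        raise ValueError("the page recommends two or three words")
    for _ in range(attempts):
        candidate = build_candidate(word_count, rng)
        if meets_policy(candidate):
            return candidate
    raise RuntimeError("no compliant candidate found; word list may be too long")


def entropy_bits(word_count: int, wordlist_size: int, symbol_count: int) -> float:
    """Entropy in bits when every word, symbol and the final digit is drawn
    uniformly at random. The character policy is only a floor; this is what
    actually makes a generated phrase hard to guess."""
    return (word_count * math.log2(wordlist_size)
            + word_count * math.log2(symbol_count)
            + math.log2(10))


if __name__ == "__main__":
    for pw in ["Apple20", "Daylight#Only!5", "Most#Uppermost#4"]:
        print(f"{pw:18} policy ok: {meets_policy(pw)}")
    print("generated:", generate_passphrase(2))
    print("bits with this toy list :", round(entropy_bits(2, len(WORDS), len(SYMBOLS)), 1))
    print("bits with a 7776-word list:", round(entropy_bits(2, 7776, len(SYMBOLS)), 1))
```

Running the block prints the policy verdict for three of the table's entries, one freshly generated phrase, and the entropy comparison: with the toy list a two-word phrase carries roughly 17 bits, while the same pattern over a 7776-word list gives about 33 bits, which is the reason the word list behind a generator matters more than the punctuation rules.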
We realise that this is only one of many methods for creating a safe, secure password, and we also commend the use of password managers.