@BritishGasHelp @srobertson92 A few things to help you out from your friendly British security researcher:
1) Shorter passwords are easier to remember which is what makes them weak and easy to guess. This means it's more likely someone else will have access to it, not less likely.
1) Shorter passwords are easier to remember which is what makes them weak and easy to guess. This means it's more likely someone else will have access to it, not less likely.
@BritishGasHelp @srobertson92 2) Allowing someone to have an easy to remember 8-10 character password doesn't mean you need to prevent someone else from having an ultra-secure 64 character password. It's possible for both of these things to coexist, and they should.
@BritishGasHelp @srobertson92 3) Weak passwords do not protect customer data, they do the opposite and put customer data at risk. We should be encouraging stronger passwords and the use of password managers.
@BritishGasHelp @srobertson92 Our National Cyber Security Centre (@NCSC) here in the UK, part of GCHQ, have some good guidance on passwords that you can pass along: ncsc.gov.uk/collection/pas…
@BritishGasHelp @srobertson92 @NCSC Here's a more recent article from the NCSC with further guidance around passwords: ncsc.gov.uk/blog-post/pass…
@BritishGasHelp @srobertson92 @NCSC The truth is that's it 2020, almost 2021, and a 10 character limit on passwords just doesn't cut it any more and short of legacy restrictions in your application, there's no valid reason to have the maximum so low.
@BritishGasHelp @srobertson92 @NCSC There's plenty of good, free, information and guidance out there and plenty of people in industry that'd be willing to give pointers (👋), but it's definitely time to update your password requirements.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
