How Often Should You Change Your Passwords?

You should change your password every couple of months, right? That used to be what security experts recommended, and many workplaces forced you to come up with new passwords every few weeks.

These days, security experts like Microsoft Security Chief, Bret Arsenault, say that doesn’t do much good. People tend to just make small alterations to existing passwords because it’s hard to remember so many new ones. In fact, at Microsoft, employees are no longer required to change their passwords every 71 days. The company temporarily set the expiration dates for passwords to a year back in 2019. When they discovered no security problems popped up as a result of the change, they switched to passwords with no expiration date. In a video posted on Microsoft’s website, he said, “Passwords are inherently insecure and requiring employees to change their corporate password every few months is frustrating and frequently futile.”

According to Arsenault, the problem is that usernames and passwords are “know something/know something.” That means the user has to know two pieces of information, and if anyone else gets that information they can reuse it.

He says the idea of “know something/have something” works better. What he’s talking about is multi-factor authentication. That requires you to enter a code or use an authentication app.

However, he says that’s still a lot of work for most people, so he decided to switch his focus to how to eliminate the need for passwords completely, something he calls “be something” as opposed to knowing or having something.

Arsenault prefers biometric security like facial recognition and fingerprint readers, both of which are available on newer phones and computers.


One thought on “How Often Should You Change Your Passwords?”

  1. I believe it is time to do away with passwords. After I got over my initial fear of using 2FA (is that term even used anymore?) I find it very easy to use 2-factor for ID and I feel secure using it now. I believe it’s a much better way to identify myself. Everyone has (and uses) cell phones now and we always have one close by. UMC (United Medical) recently got hacked here so every one of my medical records, along with Humana records, are out there somewhere. That includes passwords, too? This hacking goes on daily, somewhere in the U.S. I have a 3×5 box FULL of my passwords to websites I’ve been to so I don’t have a fear of losing them, plus Google keeps them for me too, but just how secure are they?
