Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Business online password renweal

  • 15-09-2015 11:58am
    #1
    Registered Users, Registered Users 2 Posts: 283 ✭✭


    Hi
    Why does the Business online need to renew passwords at such a frequent rate?


    You get 3 attempts to login and then the admin must reset your account.
    This provides enough security, I do not see the benefit of adding a 90 day change (to one not used in the last x number of times) requirement.
    It only serves to make people choose easy to remember passwords and in a sequence (eg password1, password2 etc) and write them down near their computer.
    The other thing it does is get the admin having to reset users that have gotten confused where in the list of passwords they are.

    read this from the UK government:
    https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/458857/Password_guidance_-_simplifying_your_approach.pdf
    Note page 6 about renewal.

    Assuming you have adequate salting on the server side, even a hacker who gets into the server will not get the passwords (a la Ashley Madison etc). The three attempts stops a dictionary attack (which could also be stopped be an increasing time length that a user cannot log on after each failed attempt).

    end rant ;-)


Comments

  • Closed Accounts Posts: 1,640 ✭✭✭Bank of Ireland: Sarah


    bappelbe wrote: »
    Hi
    Why does the Business online need to renew passwords at such a frequent rate?


    You get 3 attempts to login and then the admin must reset your account.
    This provides enough security, I do not see the benefit of adding a 90 day change (to one not used in the last x number of times) requirement.
    It only serves to make people choose easy to remember passwords and in a sequence (eg password1, password2 etc) and write them down near their computer.
    The other thing it does is get the admin having to reset users that have gotten confused where in the list of passwords they are.

    read this from the UK government:
    https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/458857/Password_guidance_-_simplifying_your_approach.pdf
    Note page 6 about renewal.

    Assuming you have adequate salting on the server side, even a hacker who gets into the server will not get the passwords (a la Ashley Madison etc). The three attempts stops a dictionary attack (which could also be stopped be an increasing time length that a user cannot log on after each failed attempt).

    end rant ;-)
    Hi bappelbe,

    Thank you for your post. 

    We appreciate you taking the time to send us in your feedback here regarding security on Business On Line. While these password renewal steps are in place to ensure our users are secure when using Business On Line, we will certainly pass on your comments to our Business On Line team. 

    If there's any other query we can help with please let us know.

    Thanks
    Sarah


  • Registered Users, Registered Users 2 Posts: 283 ✭✭bappelbe


    While these password renewal steps are in place to ensure our users are secure when using Business On Line, we will certainly pass on your comments to our Business On Line team. 
    My point is that this does the exact opposite of ensuring your users are secure


Advertisement