Month: November 2017

Categories
Knowledge Support exacqVision Client Categories

Why do we enforce password complexity ?

Why do we enforce this complexity?

As the threat from cyber-attacks continues to rise, cyber-protection measures have become critical to combat these threats. Like many other technology leaders, Exacq has implemented the use of complex passwords as one measure to combat potential cyber-attacks.

Password cracking programs are one of the tools hackers use to gain unauthorized access to systems, and some of these programs can test over 100,000 passwords per second. To decrease the chances of a password being discovered by one of these programs, the usage of complex passwords is highly recommended, as passwords that contain common words or letter combinations are much more susceptible to being cracked. 

<br>

What is the rule for password complexity?

Complex passwords typically follow the same basic requirements, such as a minimum number of characters and the usage of a special character, a capital letter, and a number. Exacq products require a password of at least 8 characters, including a special character, a capital letter, and a number. It’s highly recommended to use a group of random letters together as opposed to a word or phrase, as this greatly decreases the chance it will be discovered by a password-cracking algorithm.

<br>

How will I know what password is acceptable?

When entering a new password, a tool tip will appear that updates as you type to let you know what characters are missing from the complexity. Your password will also be checked against a list of commonly used passwords to prevent their use and make it less likely for an attacker or unauthorized user to guess your credentials. If any of the fields are highlighted in red the password has been deemed unacceptable. Complexity rules do not apply if you choose to use a passphrase of 20-characters or longer. 

<br>

Does it affect current accounts with passwords that don’t comply?

No – Users with legacy passwords can still access the system. Complex password enforcement only applies when creating new user accounts or changing an existing user’s password.

<br>

Why-do-we-enforce-password-complexity.pdf