Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Business online password renweal

Options
  • 15-09-2015 12:58pm
    #1
    bappelbe
    Registered Users Posts: 283 ✭✭


    Hi
    Why does the Business online need to renew passwords at such a frequent rate?


    You get 3 attempts to login and then the admin must reset your account.
    This provides enough security, I do not see the benefit of adding a 90 day change (to one not used in the last x number of times) requirement.
    It only serves to make people choose easy to remember passwords and in a sequence (eg password1, password2 etc) and write them down near their computer.
    The other thing it does is get the admin having to reset users that have gotten confused where in the list of passwords they are.

    read this from the UK government:
    https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/458857/Password_guidance_-_simplifying_your_approach.pdf
    Note page 6 about renewal.

    Assuming you have adequate salting on the server side, even a hacker who gets into the server will not get the passwords (a la Ashley Madison etc). The three attempts stops a dictionary attack (which could also be stopped be an increasing time length that a user cannot log on after each failed attempt).

    end rant ;-)


Comments

  • Options
    #2
    Bank of Ireland: Sarah
    Closed Accounts Posts: 1,640 ✭✭✭Bank of Ireland: Sarah


    bappelbe wrote: »
    Hi
    Why does the Business online need to renew passwords at such a frequent rate?


    You get 3 attempts to login and then the admin must reset your account.
    This provides enough security, I do not see the benefit of adding a 90 day change (to one not used in the last x number of times) requirement.
    It only serves to make people choose easy to remember passwords and in a sequence (eg password1, password2 etc) and write them down near their computer.
    The other thing it does is get the admin having to reset users that have gotten confused where in the list of passwords they are.

    read this from the UK government:
    https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/458857/Password_guidance_-_simplifying_your_approach.pdf
    Note page 6 about renewal.

    Assuming you have adequate salting on the server side, even a hacker who gets into the server will not get the passwords (a la Ashley Madison etc). The three attempts stops a dictionary attack (which could also be stopped be an increasing time length that a user cannot log on after each failed attempt).

    end rant ;-)
    Hi bappelbe,

    Thank you for your post. 

    We appreciate you taking the time to send us in your feedback here regarding security on Business On Line. While these password renewal steps are in place to ensure our users are secure when using Business On Line, we will certainly pass on your comments to our Business On Line team. 

    If there's any other query we can help with please let us know.

    Thanks
    Sarah


  • Options
    #3
    bappelbe
    Registered Users Posts: 283 ✭✭bappelbe


    Bank of Ireland: Sarah wrote: »
    While these password renewal steps are in place to ensure our users are secure when using Business On Line, we will certainly pass on your comments to our Business On Line team. 
    My point is that this does the exact opposite of ensuring your users are secure


Advertisement