Troy Hunt is an Australian web security expert and creator of the ‘Have I Been Pwned?’ website that allows internet users to check if their personal data has been breached. In his latest blog post he pulls together information from a number of sources to give a fascinating and very practical guide to the ways in which we can keep our online accounts safe by improving our password etiquette – and how businesses should ensure users’ password security.
Hunt reviews all aspects of authentication – including how to make passwords more secure, the hazards of password hints, the value of password managers and how systems should react to multiple logon attempts. While he does not approve of compulsory password changes, as attackers generally exploit stolen passwords straight away, he does advocate the monitoring of logins to detect unusual use. His insistence that users should be notified of abnormal behaviour might not sit well with everyone, as notifications of this kind can (and already do) spiral out of control. More practically and arguably easier to implement, Hunt argues all previously breached passwords should be blocked.
There’s a whole lot more in this blog post, and if nothing else, it makes for an interesting read, illustrating the many possible pitfalls of password management.
Read the article in full at https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/