Passwords should be complex and changed regularly. Encryption should be implemented for any business critical information and especially for any information which is mobile or transported in any fashion. Why then do we still get asked the question “why do we need to change our passwords so often” and “do we have to have such difficult passwords”?
Admittedly a good policy is not to just enforce password changes and complexity, as that only satisfies the need for security without taking in to account the needs of the users, therefore, account lockout policies should not be applied haphazardly. While you increase the probability of preventing unauthorised access to your organisations information, you can also unintentionally lock out authorised users. This can be quite costly for your organization, in loss of productivity and inability to carry out functions which could be brand or perception affecting.
In the age of simplicity and self-service we’re big fans of the ability to synchronise user information, securely of course, using the Azure AD Service. Coupled with an on-site Appliance, which enables self-service password management, information is secure, organisations can easily adopt cloud services, providing employees and partners with an easy single-sign on experience. Most importantly users and administrators are frustration free as users are able to manage their own passwords without intervention. As long as they can remember their security questions!
All of which makes us happy. Our customers are secure from network attack and self-managing. Azure AD Basic is free and we use Nervepoint Technologies, a UK company, for our Self-Service Appliance, which in the non-Enterprise version, is free for unlimited users.