Cloudbleed: Why Password Expirations Bolster Your Security

Recently, a company that manages 10 percent of all web traffic has been discovered to be leaking bits of customer information across the internet.  The company, CloudFlare, was relying on software that would occasionally provide different data than was requested. While most of this data was innocuous, some bits were definitely not – everything from unencrypted passwords to dating service messages were being returned to Google, and in some cases this was being stored for future searches by the general public.

This story provides an excellent example of why it’s important to require users to change passwords periodically, especially in modern times when almost everybody has signed up for, and frequently signs in to, multiples apps and web services.  You can set all sorts of password requirements. You can require certain lengths, uppercase letters, or even symbols.  One thing you can’t do, however, is ensure that your employees aren’t using the same password for dozens of different services.  If your employees use the same password for their work computer as they use for Yelp, Uber, or even their New York Times account, there’s a chance that the password they use to log onto their work computer has been leaked online.

If you require frequent password changes, however, it’s unlikely that their work password will match those used for any of these services.  Employees may have used the same password in their first six months on the job, but they were then forced to change it in order to log into their computers.  And even if employees are using the same passwords for work and other services they won’t be a few months from now, when their current work password expires. This is how password time limits reduce your exposure to the damage caused by password thieves.

Want to learn more about how WingSwept can improve your company’s network performance and security?  Contact us online or call 919.779.0954