Hello, Crown Clients and Friends!
We’re aware that technology and its applications are developing far and wide and how difficult it is for everyone to sort through the noise to find essential information. That’s why we at Crown will highlight the latest news and changes in our industry in these weekly bulletins.
This Week: Updating our Password Policy
Convenience is often the enemy of security. In the past, we’ve kept user passwords in our repository. In light of the increased prevalence of data breaches, we are ending this practice. We will no longer store user passwords, nor will we ask users for their passwords.
From now on, when accessing a system unaccompanied by the user, we’ll reset the user’s account with a temporary password for our use. Then, when exiting the system, we’ll reset the password again and communicate the temporary password to the end user via SMS. The user will be required to create a new password at their next login.
This policy has two primary benefits:
- Decreased liability and accountability. Crown will no longer store user passwords. If we were to become the target of a data breach attempt, user passwords will not be subject to compromise.
- Guarding against stagnation and complacency. Changing one’s password regularly is always considered best practice. This policy will increase the password refresh rate.
We understand that this policy change may cause moments of inconvenience, but please keep in mind that these moments are in the service of security. And pale in comparison to a breach of security.
-The Crown Team