When it comes to password expiry, different companies have different policies.
Whilst the current industry standard is 90 days, a lot of companies enforce a shorter 30-day period, or anything between 30 and 90 days.
If you ask the users, they do not tend to be happy with changing passwords often, or even at all (are you?).
The problem with changing passwords often is that, unless you are using some kind of password safe with randomly generated passwords, users tend to just change a letter or number at the end of their password (1, 2, 3 or 2019, 2020, etc.), choose another weak password altogether, or write it down somewhere.
And if users do that, then changing their passwords often does not improve your security posture.
We therefore advise not to go lower than 90 days when it comes to password expiry. In fact, when it comes to authentication security, we would highly recommend that you enforce dual factor authentication through SMS or App for s...
After 17 years, a NEW BUGS Cryptography Package for Unix (version 4.1.2)
#134 - Posted on 17 January 2020 - Author: SM - Category: Cryptography, Security
BUGS is a personal cyber security project from Sylvain Martinez, which started about 25 years ago and has enabled him to kick start his career in Cyber Security.
As such it has a special place in the heart of ELYSIUMSECURITY.
It is an open source project where Sylvain created his own symmetric cryptography algorithm along with a few applications to showcase the capability of his cryptography algorithm:
an application to encrypt/decrypt files, a simple encrypted chat application, a secure shell add-on, a password manager, etc.
This project is a hobby and should only be seen as that; any respectable professional cryptographer would tell you this: "Do not create your own cryptography algorithm"!
Furthermore, we always advise our clients to only use international standard algorithms (e.g. AES).
Having said that, it doesn't mean we cannot have a go ourselves!
It had the merit of teaching us a lot about cryptography and after all, no one ha...