One of the better security videos we have released is on two factor authentication. Pithy, short, and in language a normal human being can understand are characteristics of this video.
While I have always railed against silly security rules that waste everyone’s time, password expiration has particularly irked me. It is mathematically indefensible and just complicates everyone’s life if you have a long password. As we roll out two-factor authentication, we will make user passwords never expire.
To highlight the emotional impact this has, two things happened when I announced this at executive cabinet:
- The President immediately blurted out “…and this is why you invest in information security!” and,
- Several of my colleagues teared up as changing passwords is one of the things they most dreaded about work.
Combining the two initiatives will accelerate adoption of 2-factor authentication.