Categories
Cyber security

New year, new password – but not if you’re already doing it right

Author: Jon Trickey, Information security officer Intro “Change your password regularly” is a frequently heard piece of password advice. However, enforcing password expiry can result in users making small, predictable changes to their existing password (for example, winter2021 > spring2022), rather than choosing an entirely new one.  This has the opposite effect to the one […]

Categories
Cyber security Uncategorized

Azure Active Directory – Issues with User Consent

The Jisc Cloud team in conjunction with the Jisc Trust and Identity team has published a post highlighting a potential security risk associated with the default Azure Active Directory (AAD) security settings that are commonly in place across our membership. If your organisation uses AAD (or plans to use it), then please read this information […]