As a result of a Penetration Test performed on our software, we have implemented changes to our password policy, that aim to better protect companies' and users' data.
A Penetration Test
A Penetration Test is a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in software. One of the findings in our last test was that the Air Maestro password policy was insufficient.
Changes to Password Policy
Extending minimum password length to 14 characters
Inability to use common words was well as names including your own name and your company’s name, email, date of birth, and Air Maestro username.
When the regular password change requirement is enabled, the user won’t be able to use their previous eight passwords. The old passwords will be encrypted as well.
Recommendations for users
Longer and stronger passwords are significantly harder to break, however we understand the added complexity and length can make it more difficult to come up with a password that will be memorable.
We recommend considering passphrases - strong type of password that has four or more random words, or a short sentence that means something to a user.
We discourage writing the passwords down and disclosing them to colleagues.