British Gas has acknowledged pressure coming from the cyber-security profession and agreed to take another look at its policy toward password managers, in order to maintain continuous compliance with cyber security controls.
The gas supplier came under severe criticism on Twitter for announcing, without apology, that it doesn't want its customers to use password managers when logging into its customer site. It implemented the policy by placing the onpaste='return false' attribute in its web code.
Blocking password manager is an issue that has arisen with other websites including Yahoo and various banking sites.
Security commentator Graham Cluley said simply, “that's a very poor decision. Please reconsider.”
You can read the full article on SC Magazine UK here.
Learn more about NERC CIP Compliance