Out of the Box Solutions Blog

Tip of the Week: NIST Password Guidelines


Passwords have always been important to businesses, but they are a particular priority for organizations in certain industries. Government-based organizations especially need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there's a thing or two your own can learn from their password practices.

The United States' National Institute of Standards and Technology has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem strange at first, but try to think about them from a user's perspective. Keep in mind that these recommended practices are new and not yet supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: The regulations of NIST demand that passwords should be user-friendly above all else. They should also place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum length is also specified, at 64 characters.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

For some tips on what to avoid in passwords, here are some to consider:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
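The two lists above (a length range of 8 to 64 characters that can include spaces and emojis, a blocklist of common passwords, and no composition rules) can be turned into a small verifier-side check. The following Python is an added example written for this article, not code from NIST or from Out of the Box Solutions; the blocklist it uses is a constructed stand-in for a real breached-password corpus, and the context-word check (rejecting a password that contains the username or service name) is an assumption about how a site would extend the blocklist idea.

```python
import unicodedata

# Constructed sample blocklist. A real deployment would load a much larger
# list of breached and commonly chosen passwords from a file.
COMMON_PASSWORDS = {"password", "thisisapassword", "123456", "qwerty", "letmein"}

MIN_LEN = 8   # NIST minimum
MAX_LEN = 64  # NIST maximum that a verifier must accept


def normalize(secret: str) -> str:
    """Unicode-normalize (NFKC) so the same visible string typed on different
    keyboards compares equal. Emoji and spaces pass through untouched."""
    return unicodedata.normalize("NFKC", secret)


def password_length(secret: str) -> int:
    """Length in code points, not bytes: one emoji counts as one character."""
    return len(normalize(secret))


def check_password(secret: str, context: tuple[str, ...] = ()) -> tuple[bool, str]:
    """Return (accepted, reason). The reason is meant to be shown to the user,
    which is part of placing the burden on the verifier rather than the user.

    Deliberately absent: any composition rule (required digits, symbols or
    mixed case). A long passphrase such as "correct horse battery staple"
    is accepted as-is.
    """
    s = normalize(secret)
    n = len(s)
    if n < MIN_LEN:
        return False, f"too short: at least {MIN_LEN} characters"
    if n > MAX_LEN:
        return False, f"too long: at most {MAX_LEN} characters"

    folded = s.casefold()
    # Blocklist comparison is case-insensitive so "Password" is caught too.
    if folded in COMMON_PASSWORDS:
        return False, "this password is too common"

    # Assumed extension: reject passwords built around the account's own
    # username or the service name, which are as guessable as dictionary words.
    for word in context:
        if word and word.casefold() in folded:
            return False, "password must not contain your username or the site name"

    return True, "ok"


if __name__ == "__main__":
    for candidate in ["password", "short", "correct horse battery staple",
                      "🔒🔑💻🐍🦊🌲🌊🍕", "a" * 65]:
        print(repr(candidate), "->", check_password(candidate))
```

Note that the emoji passphrase is accepted because `password_length` counts code points rather than bytes; a verifier that measured UTF-8 byte length would wrongly treat it as far longer than eight characters.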

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.

Tuesday, February 19 2019