Out of the Box Solutions Blog

Tip of the Week: NIST Password Guidelines


Passwords have always mattered to businesses, but in some industries they are a top priority. Government organizations in particular have to get password handling right. Your business may not be government-based, but there is a thing or two to learn from how they are now told to handle passwords.

The United States’ National Institute of Standards and Technology (NIST) has published new password recommendations for federal agencies, in its Digital Identity Guidelines (Special Publication 800-63B), and any organization can learn from them. Some of them might seem odd at first, but try to think about each one from a user’s perspective. Keep in mind that these recommendations are new and not yet supported on every site or login system. Here are just a few of them:

  • Make passwords user-friendly: NIST puts usability first. Rules that make passwords hard for people to create and remember should go, and wherever possible the work of keeping accounts safe should fall on the verifier (the system that checks the password) rather than on the user. NakedSecurity explains why piling “best practices” onto users doesn’t help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: User-chosen passwords must be at least eight characters long, and every printable character counts, including spaces, all ASCII characters, and Unicode characters such as emojis. At the upper end, the guidelines require verifiers to accept passwords of at least 64 characters, so a system should never silently cut a long passphrase short.
  • Cross-check poor password choices: Instead of trusting users to avoid bad passwords, the verifier is expected to compare each new password against a list of common, expected, or previously breached passwords (“password,” “thisisapassword,” and the like) and against context-specific words such as the username or the service name, and reject any match.

NIST is just as clear about practices to drop. Here are three to avoid:

  • Avoid composition rules: Requiring a mix of uppercase letters, digits, and symbols doesn’t produce stronger passwords; it produces predictable substitutions like “Passw0rd!”. Length is what matters, so encourage users to choose long passphrases rather than short strings that merely look complex.
  • Eliminate password hints: Anything that makes it easier for someone other than the owner to recover a password should be removed. Stored hints and “security questions” are often answerable just by digging through a person’s social media profiles or public records, so NIST says verifiers should not offer them.
  • Cut out password expiration: Forcing users to change passwords on a schedule annoys them and pushes them toward predictable variations of the old password. Instead, require a reset only when there is evidence of compromise: the password was forgotten, phished, stolen, or turns up in a breach.
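To make both lists concrete, here is a small verifier-side policy check, written for this post and not part of NIST’s publication or any particular product. It enforces only what the guidelines ask for (a length window measured in Unicode characters, NFKC normalization, a blocklist and context-word check, and a reset flag driven by evidence of compromise) and deliberately has no composition rule, no hint, and no age-based expiration. The blocklist is a constructed ten-entry sample standing in for a real breach corpus, and the function and class names are this example’s own.

```python
from __future__ import annotations

import unicodedata
from dataclasses import dataclass
from datetime import date

# Constructed sample blocklist. A real verifier would load a large corpus of
# breached and commonly chosen passwords (assumption: loaded from a file or
# a breach-data service).
COMMON_PASSWORDS = {
    "password", "thisisapassword", "123456", "qwerty", "letmein",
    "iloveyou", "admin", "welcome", "passw0rd", "football",
}

MIN_LEN = 8   # user-chosen secrets must be at least 8 characters
MAX_LEN = 64  # a verifier must accept at least 64; this one accepts exactly 64


def normalize(secret: str) -> str:
    """Apply Unicode NFKC normalization so visually identical input always
    produces the same string before it is checked and hashed."""
    return unicodedata.normalize("NFKC", secret)


def _is_sequential(s: str) -> bool:
    """True when every character is one code point above (or below) the
    previous one, e.g. '12345678' or 'hgfedcba'."""
    if len(s) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}


def evaluate_password(candidate: str, username: str = "", service: str = "") -> list[str]:
    """Return the reasons a candidate password is unacceptable; an empty list
    means it is accepted. There is no uppercase/digit/symbol requirement."""
    secret = normalize(candidate)
    reasons: list[str] = []

    # Length is counted in Unicode code points: a space or an emoji counts
    # as one character, exactly like a letter.
    length = len(secret)
    if length < MIN_LEN:
        reasons.append(f"too short: {length} < {MIN_LEN}")
    if length > MAX_LEN:
        reasons.append(f"too long: {length} > {MAX_LEN}")

    # Blocklist lookup is case-insensitive: "Password" is no better than "password".
    lowered = secret.lower()
    if lowered in COMMON_PASSWORDS:
        reasons.append("appears on the common/compromised password list")

    # Context-specific words: the account name and the service name.
    for ctx in (username, service):
        if ctx and ctx.lower() in lowered:
            reasons.append(f"contains context-specific word {ctx!r}")

    # Repetitive or sequential strings ("aaaaaaaa", "12345678").
    if len(set(lowered)) == 1:
        reasons.append("single repeated character")
    elif _is_sequential(lowered):
        reasons.append("sequential characters")

    return reasons


@dataclass
class StoredSecret:
    """What the verifier keeps about a password besides its hash."""
    changed_on: date
    compromised: bool = False  # set when the secret is phished, leaked, or found in a breach


def must_reset(record: StoredSecret) -> bool:
    """Force a change only on evidence of compromise. The age of the secret is
    deliberately not consulted: an old password with no evidence of compromise
    is still valid."""
    return record.compromised


if __name__ == "__main__":
    samples = [
        ("correct horse battery staple", ""),   # long, spaces, no digits: accepted
        ("Password", ""),                        # eight characters but on the blocklist
        ("alice2024!x", "alice"),                # contains the username
        ("\U0001F40D\U0001F511\U0001F335\U0001F680\U0001F3AF\U0001F34E\U0001F3B2\U0001F9E9", ""),  # eight emojis
    ]
    for pw, user in samples:
        print(repr(pw), "->", evaluate_password(pw, username=user) or "accepted")
    print("reset after 3 years, no incident:", must_reset(StoredSecret(date(2016, 1, 1))))
    print("reset after breach:", must_reset(StoredSecret(date(2019, 1, 1), compromised=True)))
```

Note how the long, lowercase, all-letter passphrase passes while the eight-character “Password” fails: the work of catching weak choices sits in the verifier’s blocklist, not in rules the user has to satisfy.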

NIST’s guidelines might seem strange from a traditional password-security standpoint, but their goal is to make passwords easier on users while keeping, or improving, real security by moving the hard work to the verifier. What are your thoughts on this? Let us know in the comments.
