Out of the Box Solutions Blog

Tip of the Week: NIST Password Guidelines


Passwords have always mattered to businesses, but in some industries they are a top priority. Government organizations in particular have to care about secure passwords. Your business may not be a government body, but there is a thing or two it can learn from how they handle passwords.

The United States’ National Institute of Standards and Technology (NIST) has published new password recommendations for federal agencies in its Digital Identity Guidelines (SP 800-63B), and you can learn a thing or two from them. Some of them may seem odd at first, but think about them from a user’s perspective. Keep in mind that these practices are new and not every site or application has adopted them yet. Here are just a few of them:

  • Make passwords user-friendly: NIST puts usability first. Wherever possible, the burden should fall on the verifier (the system that checks the password) rather than on the user. NakedSecurity explains why forcing so-called best practices on users does not help much: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: a user-chosen password must be at least eight characters long. Any printing ASCII character, the space character, and Unicode characters (emojis included) should be accepted. The 64-character figure is a floor on the maximum length: verifiers should allow passwords of at least 64 characters rather than cutting users off earlier.
  • Cross-check poor password choices: verifiers should compare a new password against a blocklist of commonly used, expected, or previously breached passwords (“password,” “thisisapassword,” and so on), as well as repetitive or sequential strings and context-specific words such as the user name or the service name, and reject any match.

NIST also lists practices that should be dropped:

  • Avoid composition rules: requiring specific character classes (an uppercase letter, a digit, a symbol) adds little security and frustrates users. Instead, encourage long passphrases; length, not forced character mixing, is what helps.
  • Eliminate password hints: anything that helps an unauthenticated person recover an account should be removed. That includes stored hints and knowledge-based “security questions,” whose answers can often be found by digging through a person’s social media profile or public records.
  • Cut out periodic password expiration: the more often users are forced to reset their password, the more annoyed they get, and the more likely they are to pick a predictable variation of the old one. Instead, reset passwords only when they are forgotten, phished, or stolen.
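As an added, runnable illustration of the verifier-side checks above (the 8/64 length bounds counted in characters rather than bytes, the blocklist lookup, rejection of repetitive or sequential strings and context-specific words, and the deliberate absence of composition rules), the Python below is example code written for this post; it is not code from NIST or from this blog. The blocklist, the user name and the service name are constructed for the example, and the NFKC normalization step reflects the SP 800-63B recommendation to normalize Unicode before checking or hashing.

```python
import unicodedata

# Bounds from the guidance: at least 8 characters for a user-chosen password,
# and the verifier must accept at least 64. Both are counted in Unicode code
# points, not bytes, so emoji and non-Latin scripts are not penalised.
MIN_LEN = 8
MAX_LEN = 64

# Constructed blocklist for this example only. A real verifier would load a
# large list of breached and commonly used passwords instead.
BLOCKLIST = {
    "password", "thisisapassword", "123456", "qwerty",
    "letmein", "welcome1", "iloveyou",
}


def normalize_secret(secret):
    """Apply NFKC normalisation so visually identical input (for example the
    ligature 'ﬁ' versus 'fi') is always treated as the same secret."""
    return unicodedata.normalize("NFKC", secret)


def has_run(secret, run=4):
    """True if `secret` contains `run` identical characters in a row (aaaa) or
    a straight ascending/descending sequence of code points (abcd, 4321)."""
    codes = [ord(c) for c in secret]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_password(secret, username="", service="", blocklist=BLOCKLIST):
    """Return (accepted, reason) for a proposed user-chosen password.

    The checks are the verifier-side ones the post describes: a length floor
    and ceiling, a blocklist lookup, context-specific words, and repetitive or
    sequential strings. There are deliberately no composition rules, so an
    all-lowercase passphrase with spaces is accepted.
    """
    secret = normalize_secret(secret)
    length = len(secret)                 # code points, not bytes
    if length < MIN_LEN:
        return False, "too short"
    if length > MAX_LEN:
        return False, "too long"

    lowered = secret.casefold()
    if lowered in blocklist:
        return False, "in blocklist"
    # username/service are hypothetical caller-supplied context words
    for word in (username, service):
        if word and word.casefold() in lowered:
            return False, "contains context-specific word"
    if has_run(secret):
        return False, "repetitive or sequential"
    return True, "ok"


if __name__ == "__main__":
    samples = [
        ("password", "", ""),
        ("correct horse battery staple", "", ""),
        ("abcd1234", "", ""),
        ("alice-rocks-2019", "alice", ""),
        ("🔒🔑🐍🚀🔒🔑🐍🚀", "", ""),
    ]
    for secret, user, svc in samples:
        print(f"{secret!r:>34} -> {check_password(secret, user, svc)}")
```

Note what the function does not do: it never demands an uppercase letter, a digit or a symbol, so “correct horse battery staple” passes while “abcd1234”, which would satisfy a typical composition rule, is rejected for its sequential run.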

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.

Sunday, April 21 2019