Heart of Texas Network Consultants Blog

Tip of the Week: New Password Recommendations by NIST


Passwords are always a major pain point for businesses, but in some industries, their importance is emphasized more than others. In particular, government-based organizations need to be prepared to keep more secure passwords. While we understand that not all organizations are government-based, there’s something to be said about proper password practices that we can all learn something from.

The United States’ National Institute of Standards and Technology (NIST) has issued new password recommendations and standards for government organizations, and everyone can stand to benefit from at least considering them, even in the business sector. Some of these might seem a bit odd compared to what professionals typically say about passwords, but bear with us. Keep in mind that these recommended practices are new and not yet supported on all sites and login systems. Here are just a few of them:

  • Make the Passwords User-Friendly: Above all else, under the regulations of NIST, passwords should be user-friendly and place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called “best practices” and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a Minimum of 8 Characters: NIST’s new guidelines suggest that all passwords have a bare minimum of eight characters. Spaces, ASCII characters, and even emojis should all be accepted. The maximum length indicated is 64 characters.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

As for some of the things to avoid using, here are some to consider:

  • Composition rules aren’t great: Stop trying to tell your employees which kinds of characters to use in their passwords. Instead, encourage users to choose long, alphanumeric passphrases.
  • Ditch password hints: This is one you might not have heard of. NIST asks that password hints be removed, as anyone trying to break into an account can use their knowledge of the target to overcome this barrier and change a password (or find out the current one). The same can be said for knowledge-based authentication involving questions about the user’s personal life.
  • No more password expiration: This goes back to the “user-friendly” aspect of passwords mentioned earlier. The only time passwords should be reset is if they are forgotten, phished, or stolen.
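To make the two lists above concrete, here is a small password-acceptance check written for this post as an added example; it is not code from the blog or from NIST. It enforces the minimum of 8 and maximum of 64 characters (counting Unicode code points, so an emoji counts as one character), cross-checks the candidate against a blocklist of common passwords, and deliberately applies no composition rules. Beside it sits the older composition-rule check for contrast. The blocklist entries and the test strings are constructed samples; the NFKC normalization step is our own choice of how to make different keyboard encodings of the same password compare equal.

```python
import unicodedata
from typing import Tuple

# Constructed sample blocklist. A real deployment would load a far larger list
# of common and previously breached passwords, one per line (assumption).
COMMON_PASSWORDS = {
    "password", "thisisapassword", "p@ssw0rd", "123456", "qwerty", "letmein",
}

MIN_LENGTH = 8   # minimum length the NIST guidance sets for user-chosen passwords
MAX_LENGTH = 64  # maximum length cited in the post


def normalize(secret: str) -> str:
    """Apply Unicode NFKC normalization so the same password typed through
    different input methods (for example fullwidth Latin letters) compares and
    hashes identically. The verifier should store the hash of this form."""
    return unicodedata.normalize("NFKC", secret)


def check_password(secret: str) -> Tuple[bool, str]:
    """Return (accepted, reason) using the NIST-style rules described above.

    No composition rules: digits, symbols and mixed case are never required,
    and spaces and emoji are accepted like any other character."""
    norm = normalize(secret)
    # len() counts code points, not bytes, so "🔐" * 8 is eight characters even
    # though it is 32 bytes in UTF-8. Check your password hash's byte limit
    # separately if it has one.
    length = len(norm)
    if length < MIN_LENGTH:
        return False, f"too short: {length} < {MIN_LENGTH}"
    if length > MAX_LENGTH:
        return False, f"too long: {length} > {MAX_LENGTH}"
    # Cross-check against well-known passwords, ignoring case differences.
    if norm.casefold() in COMMON_PASSWORDS:
        return False, "matches a commonly used password"
    return True, "ok"


def legacy_check(secret: str) -> Tuple[bool, str]:
    """The older composition-rule style the new guidance moves away from:
    8+ characters with at least one upper, lower, digit and symbol each.
    Shown only for contrast with check_password()."""
    if len(secret) < MIN_LENGTH:
        return False, "too short"
    has_upper = any(c.isupper() for c in secret)
    has_lower = any(c.islower() for c in secret)
    has_digit = any(c.isdigit() for c in secret)
    has_symbol = any(not c.isalnum() and not c.isspace() for c in secret)
    if not (has_upper and has_lower and has_digit and has_symbol):
        return False, "must contain upper, lower, digit and symbol"
    return True, "ok"


if __name__ == "__main__":
    # Constructed test strings showing where the two policies disagree.
    for candidate in ["P@ssw0rd", "Correct Horse Battery Staple", "🔐" * 8,
                      "ｐａｓｓｗｏｒｄ", "short"]:
        print(f"{candidate!r:40} nist={check_password(candidate)} "
              f"legacy={legacy_check(candidate)}")
```

The contrast is the point of the example: "P@ssw0rd" satisfies every composition rule yet is a well-known password, so the NIST-style check rejects it via the blocklist, while a long spaced passphrase fails the legacy rules (no digit) but is accepted by the new check. The fullwidth "ｐａｓｓｗｏｒｄ" case shows why normalization belongs before the blocklist lookup.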

Overall, NIST wants to try and help make passwords less of a pain for users while still maintaining a similar level of security. What are your thoughts on some of these new standards? Let us know in the comments.

Tuesday, February 19 2019