
Network Solutions Unlimited Blog

Tip of the Week: New Password Recommendations by NIST

Passwords are always a major pain point for businesses, but some industries place more emphasis on them than others. In particular, government-based organizations need to be prepared to keep more secure passwords. Not every organization is government-based, but there are lessons in proper password practices that we can all learn from.

The United States’ National Institute of Standards and Technology (NIST) has issued new password recommendations and standards for government officials, and everyone can benefit from at least considering them, even in the business sector. Some of these might seem a bit odd compared to what professionals typically say about passwords, but bear with us. Keep in mind that these recommended practices are new and are not yet supported on all sites and login accounts. Here are just a few of them:

  • Make the Passwords User-Friendly: Above all else, under the regulations of NIST, passwords should be user-friendly and place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a Minimum of 8 Characters: NIST’s new guidelines suggest that all passwords have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum length is set at 64 characters.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

As for some of the things to avoid using, here are some to consider:

  • Composition rules aren’t great: Stop trying to tell your employees what to use in their passwords. Instead, encourage users to use passphrases that are long and alphanumeric in nature.
  • Ditch password hints: This is one you might not have heard of. NIST asks that password hints be removed, as anyone trying to break into an account can use their knowledge of the target to overcome this barrier and change a password (or find out the current one). The same can be said for knowledge-based authentication involving questions about the user’s personal life.
  • No more password expiration: This goes back to the “user-friendly” aspect of passwords mentioned earlier. The only time passwords should be reset is if they are forgotten, phished, or stolen.

Overall, NIST wants to help make passwords less of a pain for users while still maintaining a similar level of security. What are your thoughts on some of these new standards? Let us know in the comments.
