
SCW Blog

Tip of the Week: NIST Password Guidelines

Passwords have always been important to businesses, but they are a particular priority for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own can learn from some of their password practices.

The United States’ National Institute of Standards and Technology has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem weird at first, but try to think about it from a user’s perspective. Keep in mind, these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: The regulations of NIST demand that passwords should be user-friendly above all else. They should also place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must be a bare minimum of eight characters long. Spaces, ASCII characters, and even emojis may be used. The maximum length is also specified, at 64 characters.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

For some tips on what to avoid in passwords, here are some to consider:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
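As an added example (not code from the original post), the following Python check applies the two rules the lists above keep, minimum and maximum length plus a blocklist of common passwords, and shows the kind of composition rule they say to drop beside it for contrast. The blocklist contents are a constructed sample.

```python
# Added example modelled on the NIST recommendations summarised above.
# The blocklist below is a constructed sample; a real deployment loads a
# large list of breached and common passwords instead.
import unicodedata
from typing import Tuple

MIN_LENGTH = 8   # minimum length the guidelines require
MAX_LENGTH = 64  # maximum length the guidelines allow

# Constructed sample of "well-known or common" passwords (real lists are far larger).
COMMON_PASSWORDS = {
    "password", "thisisapassword", "p@ssw0rd", "12345678", "qwertyui", "letmein1",
}


def normalize(password: str) -> str:
    # NFKC normalisation so the same accented text or emoji always compares equal.
    return unicodedata.normalize("NFKC", password)


def check_password(password: str) -> Tuple[bool, str]:
    """Return (accepted, reason). No composition rules: only length limits
    and a blocklist check, which is what the guidelines recommend."""
    pw = normalize(password)
    # Length is counted in code points, so spaces and emojis count like any other character.
    if len(pw) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    if len(pw) > MAX_LENGTH:
        return False, f"longer than {MAX_LENGTH} characters"
    # Compare case-insensitively so "Password" is not a trivial way past the blocklist.
    if pw.casefold() in COMMON_PASSWORDS:
        return False, "matches a common or breached password"
    return True, "ok"


def legacy_composition_check(password: str) -> bool:
    """The kind of composition rule the guidelines say to avoid: one upper,
    one lower, one digit and one symbol, regardless of actual strength."""
    return (len(password) >= MIN_LENGTH
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "correct horse battery staple", "I love 🍕 and 🎉 nights"):
        print(repr(candidate), "legacy:", legacy_composition_check(candidate),
              "nist-style:", check_password(candidate))
```

Note the contrast the guidelines point at: "P@ssw0rd" satisfies every composition rule yet is rejected by the blocklist, while a long passphrase passes the length-and-blocklist check but fails the legacy rule.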

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.



Monday, April 22 2019
