(509) 534-1530    Get SUPPORT

SCW Blog

Tip of the Week: NIST Password Guidelines

Tip of the Week: NIST Password Guidelines

Passwords have always been important to businesses, but they are priorities for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own can learn about some of their password practices.

The United States’ National Institute of Standards and Technology has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem weird at first, but try to think about it from a user’s perspective. Keep in mind, these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: The regulations of NIST demand that passwords should be user-friendly above all else. They should also place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bar minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is also indicated at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

For some tips on what to avoid in passwords, here are some to consider:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.

The Key Facets to Managing Personally Identifiable...
Taking a Look at Facebook’s Recent Controversies
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, February 24 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Best Practices Technology Business Computing Privacy Cloud Productivity Network Security User Tips Malware Cybersecurity Smartphones Tech Term Communications Communication Hackers Hardware Email Internet Passwords Backup Business Innovation Managed IT Services Browser Microsoft Android Mobile Device Alert Efficiency VoIp Ransomware Google Collaboration Software Outsourced IT Smartphone Hosted Solutions Data Small Business Internet of Things Data Backup Cloud Computing IT Support Applications Network Data Recovery Business Management Wi-Fi Mobile Devices Access Control Holiday Social Media Router Password IT Services Wireless Miscellaneous Apps Employer-Employee Relationship Battery Phishing Business Continuity Saving Money Patch Management Save Money Politics Business Intelligence Networking Company Culture Windows 10 Twitter Marketing Facebook Users Workers Data Breach Word Government Vulnerability Virtualization Bandwidth Computer BDR IT Support Blockchain Data Management Microsoft Office Windows 10 Office Artificial Intelligence Wireless Charging Workplace Tips Physical Security Data Security Website VoIP Hosted Solution Cybercrime Mobility HIPAA App VPN Scam Law Enforcement Dark Web Remote Computing WiFi Tech Terms Cortana Spam Chrome Managing Stress Apple Virus Excel Medical IT Information Automation Data Protection G Suite How To iPhone Virtual Assistant Maintenance Compliance Gadgets Paperless Office Disaster Recovery Tip of the week Computers Managed IT Service Settings Gmail Productivity Travel Streaming Media Storage Knowledge Operating System Email Management Certification IT budget Telephony Paper User Security Backup and Disaster Recovery Digital Hybrid Cloud Paste Health Files Safety Hard Drive RAM Quick Tips User Tip Database Office Tips Live Streaming Machine Learning Server Downloads Entertainment Error Comparison Plug-In IT Management Voice over IP Ink Managed IT Services Current Events Smart Technology Business Technology Hard Drives Edge Cables Recovery Antivirus Printers E-Commerce Remote Support Processors Microsoft Teams Cleaning Troubleshooting Cabling Tactics WhatsApp Telecommute Trends Worker Touchscreen Hacking Multi-Factor Security Specifications Training Windows XP eCommerce PowerPoint Education Retail Reporting Managed Service Provider SSD Big Data Voice over Internet Protocol Telephone Systems Payment BYOD Dongle Spyware Update Telecommuting Internet Explorer Data loss Lead Generation A.I. Managed IT Printer Personal Information Microsoft Office 365 Conferencing Analytics Security Cameras Licensing Network Attached Storage Online Shopping Sports Botnet Avoiding Downtime Sales Inventory Laptop Remote Monitoring Remote Control Help Desk instant Messaging Mobile Device Management HP Outlook Millennials Threat News Staff Movies SaaS Office 365 Authentication Content Filtering Value Google Drive Wearables Tech Support Server Management Connectivity GDPR Tablet Mobile Security Amazon Information Technology Spam Blocking Upgrade Vulnerabilities File Sharing Technology Tips Document Management Bring Your Own Device Cost Management Copy Printing Two-factor Authentication Healthcare Telephone System Websites WannaCry Unified Communications CrashOverride Authorization Spotify Windows Autocorrect The Internet of Things Television Phone System Automobile Credit Cards Unified Threat Management Staffing Cryptocurrency Profitability Printer Server Webcam HaaS Google Maps Dark Data Environment Biometrics Eliminating Downtime Scheduling Money Leadership Gadget e-waste Proactive IT Access Thank You Emergency Budget Wireless Internet DDoS Computer Care Shortcut disposal Remote Monitoring and Management Samsung Congratulations Net Neutrality Synergy Instagram Gaming Console Freedom of Information Encryption Search Employer Employee Relationship Hacker Scalability Emoji Hiring/Firing Video Games Managed Service Vendor Management IaaS Regulation Yahoo