Suffolk Computer Consultants Blog

Tip of the Week: NIST Password Guidelines

Passwords have always mattered to businesses, but for organizations in certain industries they are a top priority. Government organizations in particular need to be careful about using secure passwords. Not every business is a government body, of course, but there is a thing or two your own can learn from their password practices.

The United States’ National Institute of Standards and Technology (NIST) has published new password recommendations and standards for government agencies, and businesses can learn from them too. Some of them might seem odd at first, but consider them from a user’s perspective. Keep in mind that these recommended practices are new and are not yet supported on all sites and login systems. Here are just a few of them:

  • Make passwords user-friendly: NIST’s guidelines require that passwords be user-friendly above all else, and that the burden be placed on the verifier whenever possible. NakedSecurity explains that forcing so-called best practices on users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters, which can include spaces, ASCII characters, and even emojis. The maximum length is set at 64 characters.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” and so on.

There are also some practices NIST advises you to avoid:

  • Avoid composition rules: Telling employees which character types their passwords must contain doesn’t help. Instead, encourage users to choose long alphanumeric passphrases.
  • Eliminate password hints: Anything that makes it easier for someone else to recover a lost password should be removed. That includes hints, which are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often users have to reset their passwords, the more annoyed they get. Instead, reset passwords only when they have been forgotten, phished, or stolen.
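As an added example (not code from the original post or from NIST), here is a small Python verifier check that applies the rules the two lists above describe: a length of 8 to 64 characters counted in Unicode code points so that spaces and emoji count as characters, no composition rules, and a check against a blocklist of common passwords. The blocklist and the candidate passwords are constructed samples, and the NFKC normalization step is an assumption about how a verifier should treat Unicode input; the post does not mention it.

```python
# NIST SP 800-63B-style password acceptance check (added example, not code
# from the original post). Rules implemented, as the post describes them:
#   - length 8..64 counted in Unicode code points, so spaces and emoji count
#   - no composition rules (no "must contain a digit/uppercase" checks)
#   - reject entries found on a blocklist of common/breached passwords
# The NFKC normalization step is an assumption, not something the post states.
from __future__ import annotations

import unicodedata

MIN_LEN = 8
MAX_LEN = 64  # the post's stated maximum

# Constructed sample blocklist; a real deployment would load a large
# breach-derived list (millions of entries) instead.
COMMON_PASSWORDS = {
    "password", "thisisapassword", "12345678", "qwertyui", "letmein1",
}


def normalize(secret: str) -> str:
    """NFKC-normalize so visually identical Unicode spellings compare equal
    (e.g. fullwidth letters fold to ASCII) before length and blocklist checks."""
    return unicodedata.normalize("NFKC", secret)


def check_password(secret: str, blocklist: set[str] = COMMON_PASSWORDS) -> tuple[bool, str]:
    """Return (accepted, reason). Only length and the blocklist are checked;
    there are deliberately no character-class (composition) requirements."""
    s = normalize(secret)
    n = len(s)  # code points: one emoji or one space is one character
    if n < MIN_LEN:
        return False, f"too short: {n} characters, minimum is {MIN_LEN}"
    if n > MAX_LEN:
        return False, f"too long: {n} characters, maximum is {MAX_LEN}"
    if s.casefold() in blocklist:
        return False, "rejected: matches the blocked common-password list"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed candidates: a passphrase with a space and an emoji, an
    # all-emoji secret, a fullwidth spelling of "password", and a short one.
    for cand in ["correct horse 🐴", "🔒🔑🔒🔑🔒🔑🔒🔑", "ｐａｓｓｗｏｒｄ", "short"]:
        ok, why = check_password(cand)
        print(f"{cand!r}: {ok} ({why})")
```

Note what is deliberately missing: there is no test for uppercase letters, digits or symbols, so an all-lowercase passphrase with spaces is accepted, while a short or well-known password is rejected no matter how many character classes it mixes. The normalization step also means a fullwidth or differently composed spelling of a blocked word cannot slip past the blocklist.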

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.



Wednesday, February 20 2019