
Suffolk Computer Consultants Blog

Tip of the Week: NIST Password Guidelines


Passwords have always been important to businesses, but they are priorities for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own business can learn from some of their password practices.

The United States’ National Institute of Standards and Technology has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem weird at first, but try to think about it from a user’s perspective. Keep in mind, these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: The regulations of NIST demand that passwords should be user-friendly above all else. They should also place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is also indicated at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

For some tips on what to avoid in passwords, here are some to consider:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
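Here is how a verifier could apply the length and cross-check rules from the lists above while imposing no composition rules. This is an added example, not code from NIST or from the original article; the function names, the small sample blocklist, the NFKC normalization step and the case-insensitive comparison are assumptions made for illustration.

```python
import unicodedata

MIN_LENGTH = 8    # minimum stated in the article
MAX_LENGTH = 64   # maximum stated in the article

# Constructed sample blocklist (assumption). A real deployment would load
# a large list of breached and commonly used passwords instead.
SAMPLE_BLOCKLIST = {"password", "thisisapassword", "12345678", "qwertyuiop"}


def normalize(password):
    """Fold compatibility forms (e.g. fullwidth letters) to one canonical form."""
    return unicodedata.normalize("NFKC", password)


def check_password(password, blocklist=SAMPLE_BLOCKLIST):
    """Return a list of rejection reasons; an empty list means accepted.

    Deliberately absent: any rule about upper case, digits or symbols.
    Spaces and non-ASCII characters are accepted as ordinary characters.
    """
    reasons = []
    candidate = normalize(password)
    length = len(candidate)  # Unicode code points, not bytes
    if length < MIN_LENGTH:
        reasons.append("too short: %d < %d" % (length, MIN_LENGTH))
    if length > MAX_LENGTH:
        reasons.append("too long: %d > %d" % (length, MAX_LENGTH))
    # Compare case-insensitively so "Password" does not slip past the list.
    if candidate.casefold() in blocklist:
        reasons.append("commonly used password")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["password", "ｐａｓｓｗｏｒｄ", "short",
               "correct horse battery staple", "\U0001F511" * 8]
    for sample in samples:
        problems = check_password(sample)
        print(repr(sample), "->", problems or "accepted")
```

The fullwidth sample shows why normalization comes before the blocklist lookup: without it, a visually identical variant of a common password would be accepted.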

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.
