Data Net Blog

Tip of the Week: NIST Password Guidelines

Passwords have always been important to businesses, but they are a particular priority for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own business can learn from their password practices.

The United States’ National Institute of Standards and Technology has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem weird at first, but try to think about them from a user’s perspective. Keep in mind, these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: The regulations of NIST demand that passwords should be user-friendly above all else. They should also place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is also indicated at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

For some tips on what to avoid in passwords, here are some to consider:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
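
As an added example (not code from NIST or from this blog), here is how a verifier could apply the rules above: the length limits given in this article, a cross-check against common passwords, and deliberately no composition rules. The blocklist is a small constructed sample, and the NFKC normalization step is an addition not mentioned in the article.

```python
import unicodedata

MIN_LEN = 8    # minimum length stated in the article
MAX_LEN = 64   # maximum length stated in the article

# Constructed sample blocklist. A real verifier would load a large list of
# common and breached passwords; the first two entries come from the article.
BLOCKLIST = {"password", "thisisapassword", "12345678", "qwertyuiop"}


def normalize(password):
    """NFKC-normalize so look-alike input (e.g. full-width letters) compares equal."""
    return unicodedata.normalize("NFKC", password)


def check_password(password, blocklist=BLOCKLIST):
    """Return a list of rejection reasons; an empty list means accepted."""
    pw = normalize(password)
    problems = []

    # Length is counted in Unicode code points, not bytes, so spaces and
    # non-ASCII characters such as emoji are not penalized for their encoding.
    n = len(pw)
    if n < MIN_LEN:
        problems.append(f"too short: {n} < {MIN_LEN}")
    if n > MAX_LEN:
        problems.append(f"too long: {n} > {MAX_LEN}")

    # Cross-check against known-bad choices, ignoring case.
    if pw.casefold() in blocklist:
        problems.append("common password")

    # Intentionally absent: no "must contain a digit/symbol/uppercase" rules,
    # no password hints, and no expiry timer. The burden is on the verifier.
    return problems


if __name__ == "__main__":
    for candidate in ["correct horse battery staple", "Password", "short"]:
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```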

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.
