Data Net Blog

Tip of the Week: NIST Password Guidelines

Passwords have always been important to businesses, but they are a particular priority for organizations in certain industries. Government-based organizations especially need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own can learn from their password practices.

The United States’ National Institute of Standards and Technology (NIST) has new password recommendations and standards for government officials. Some of these might seem weird at first, but try to think about them from a user’s perspective. Keep in mind that these recommended practices are new and are not supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: The NIST regulations demand that passwords be user-friendly above all else. They should also place the burden on the verifier whenever possible. Naked Security elaborates that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is set at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

Here are some practices to avoid:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone else to recover a lost password should be removed. This includes hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
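The rules in the two lists above can be expressed as a verifier-side check. The following is an added example, not code from the original post: `check_password` and `COMMON_PASSWORDS` are hypothetical names, the blocklist is a constructed sample, and counting length in Unicode code points after NFKC normalization is a choice made for this example.

```python
import unicodedata

MIN_LEN = 8    # minimum length given in the article
MAX_LEN = 64   # maximum length given in the article

# Constructed sample blocklist. A real verifier would load a large list of
# common and previously breached passwords instead.
COMMON_PASSWORDS = {"password", "thisisapassword", "12345678", "qwertyuiop"}


def normalize(password):
    """NFKC-normalize so look-alike forms (e.g. full-width letters) compare equal."""
    return unicodedata.normalize("NFKC", password)


def check_password(password, blocklist=COMMON_PASSWORDS):
    """Return the reasons a password is rejected; an empty list means accepted.

    Deliberately absent: composition rules (required digits, symbols, mixed
    case) and any notion of expiry, which the article says to avoid.
    """
    problems = []
    pw = normalize(password)
    length = len(pw)  # code points, so spaces and emoji each count as one
    if length < MIN_LEN:
        problems.append(f"too short: {length} characters, minimum is {MIN_LEN}")
    if length > MAX_LEN:
        problems.append(f"too long: {length} characters, maximum is {MAX_LEN}")
    # Case-insensitive match so "Password" is caught along with "password".
    if pw.casefold() in blocklist:
        problems.append("appears on the list of common passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["short", "Password", "correct horse battery staple",
                      "\U0001F511" * 8, "\uFF50\uFF41\uFF53\uFF53\uFF57\uFF4F\uFF52\uFF44"]:
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```

Returning the reasons rather than a bare yes/no keeps the burden on the verifier: the user is told exactly why a choice was refused.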

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.
