Tip of the Week: NIST Password Guidelines

Passwords have always been important to businesses, but they are priorities for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own can learn about some of their password practices.

The United States’ National Institute of Standards and Technology has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem weird at first, but try to think about them from a user’s perspective. Keep in mind that these recommended practices are new and not yet supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: NIST’s guidelines demand that passwords be user-friendly above all else, and that the burden be placed on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum length is set at 64 characters.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

Here are some tips on what to avoid with passwords:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
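
The length and blocklist rules from the lists above can be enforced on the verifier's side with a short check. This is an added example, not code from the original article or from NIST; the function names, the small sample blocklist, the NFKC normalization step and counting length in Unicode code points are assumptions of this example.

```python
import unicodedata

MIN_LENGTH = 8   # minimum from the article
MAX_LENGTH = 64  # maximum from the article

# Constructed sample blocklist; the first two entries are the article's examples.
# A production verifier would load a large list of common and breached passwords.
SAMPLE_BLOCKLIST = frozenset(
    {"password", "thisisapassword", "12345678", "qwertyuiop"}
)


def normalize(password: str) -> str:
    """Apply NFKC so visually identical input compares equal (assumed choice)."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str, blocklist=SAMPLE_BLOCKLIST) -> list:
    """Return the reasons a password is rejected; an empty list means accepted."""
    candidate = normalize(password)
    problems = []
    # Length is counted in Unicode code points, so a space or a simple emoji
    # counts as one character. No composition rules are applied: there is no
    # check for digits, capitals or symbols.
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if len(candidate) > MAX_LENGTH:
        problems.append("too_long")
    # Case-insensitive match so "Password" is caught as well as "password".
    if candidate.casefold() in blocklist:
        problems.append("common")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the escapes are a lock and a key emoji.
    samples = [
        "correct horse battery staple",
        "\U0001F512\U0001F511 my door",
        "Password",
        "short",
        "a" * 65,
    ]
    for sample in samples:
        print(repr(sample), check_password(sample) or "accepted")
```
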

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.
