
Strata Information Technology Blog

Tip of the Week: NIST Password Guidelines


Passwords have always been important to businesses, but they are a particular priority for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own can learn from some of their password practices.

The United States’ National Institute of Standards and Technology (NIST) has new password recommendations and standards for government officials. Some of these might seem weird at first, but try to think about them from a user’s perspective. Keep in mind that these recommended practices are new and are not supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: NIST’s guidelines demand that passwords be user-friendly above all else, and that the burden be placed on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is set at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

Here are some tips on what to avoid in passwords:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
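
One way a verifier could enforce the length and common-password checks above while imposing no composition rules, as an added example that is not code from the original post or from NIST. The blocklist entries are constructed, and the NFKC normalization and the case-insensitive blocklist match are assumptions of this example.

```python
import unicodedata

MIN_LENGTH = 8    # minimum stated in the article
MAX_LENGTH = 64   # maximum stated in the article

# Constructed sample blocklist; a real deployment would load a large list
# of common and previously breached passwords instead.
COMMON_PASSWORDS = {"password", "thisisapassword", "12345678", "qwertyuiop"}


def normalize(password):
    """Assumption: apply NFKC so look-alike encodings of the same text compare equal."""
    return unicodedata.normalize("NFKC", password)


def check_password(password, blocklist=COMMON_PASSWORDS):
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    candidate = normalize(password)
    # len() counts Unicode code points, so a space or a single-code-point
    # emoji counts as one character, the same as an ASCII letter.
    length = len(candidate)
    if length < MIN_LENGTH:
        problems.append(f"too short: {length} characters, minimum is {MIN_LENGTH}")
    if length > MAX_LENGTH:
        problems.append(f"too long: {length} characters, maximum is {MAX_LENGTH}")
    # Assumption: compare case-insensitively so "Password" is caught as well.
    if candidate.casefold() in blocklist:
        problems.append("appears on the list of common passwords")
    # Deliberately absent: composition rules (digit/symbol/uppercase
    # requirements), password hints, and age-based expiry.
    return problems


if __name__ == "__main__":
    for sample in ["password", "short", "correct horse battery staple", "🔑" * 8]:
        print(repr(sample), "->", check_password(sample) or "accepted")
```

The burden sits with the verifier here: the user may type any long phrase, and the only content-based rejection is a match against known-bad choices.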

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.

Friday, February 15 2019