Strata Information Technology Blog

Tip of the Week: NIST Password Guidelines

Passwords have always been important to businesses, but they are a particular priority for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own organization can learn from their password practices.

The United States’ National Institute of Standards and Technology has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem weird at first, but try to think about them from a user’s perspective. Keep in mind that these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: NIST’s guidelines demand that passwords be user-friendly above all else, and that the burden be placed on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is given as 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

Here are some tips on what to avoid:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
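
As an added illustration (not code from NIST or from this blog), here is a verifier-side check that applies the guidelines listed above: an 8 to 64 character length window, any characters allowed, a common-password blocklist, and no composition rules. The blocklist entries beyond the two the article quotes, the NFKC normalization step, and the function names are assumptions made for the example.

```python
import unicodedata

MIN_LEN = 8    # minimum length given in the article
MAX_LEN = 64   # maximum length given in the article

# Constructed sample blocklist. The first two entries are the article's own
# examples; a real deployment would load a large list of breached and
# commonly used passwords instead.
COMMON_PASSWORDS = {"password", "thisisapassword", "12345678", "qwertyuiop"}


def normalize(password):
    """Normalize Unicode so the same passphrase typed on different devices
    compares equal (assumption: NFKC, applied before every check)."""
    return unicodedata.normalize("NFKC", password)


def check_password(password):
    """Return a list of rejection reasons; an empty list means accepted."""
    pw = normalize(password)
    problems = []
    # Length is counted in Unicode code points, so spaces and emoji count.
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    # Case-insensitive comparison, so "Password" is caught as well.
    if pw.casefold() in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    # Deliberately absent: composition rules (required digits, symbols,
    # mixed case), password hints, and any expiry date. The burden is on
    # the verifier, not the user.
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["correct horse battery staple", "Password",
                      "short", "pizza 🍕🍕🍕", "x" * 65]:
        result = check_password(candidate)
        print(repr(candidate[:30]), "->", result or "accepted")
```
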

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.
