
Updated NIST Guidelines on Password Policies

Recently, we found a very worthwhile article explaining the NIST Guidelines regarding passwords. Here are a few excerpts from the article that we found especially useful. The link to the full article is below.

Let’s start with what’s new and what you should do in the world of the NIST password guidelines:

“Size matters. At least it does when it comes to passwords. NIST’s new guidelines say you need a minimum of 8 characters.”

The author goes on to say that you should “allow a maximum length of at least 64.” It’s okay, we thought, “Uh, what?” too. But the reason behind this advice is to make sure that there are no “unnecessary restrictions on length,” which leaves many more options for password combinations.

Now, let’s go on to what you shouldn’t do when it comes to your passwords.

“No password hints. NONE. If I wanted people to have a better chance at guessing my password, I’d write it on a note attached to my screen.”

We like this advice for the simple fact that it’s extremely true. As the author points out, if you let people choose their passwords freely and encourage longer phrases, this can make it easier for them to remember a password they created. He uses a great example of a terrible password disguised as a good one, “pA55w+rd”, which is a quick way for your “pA55w+rd” to get compromised.

“No more expiration without reason. This is my favorite piece of advice: If we want users to comply and choose long, hard-to-guess passwords, we shouldn’t make them change those passwords unnecessarily.”

It’s okay, go ahead and raise your hands in the air and say “Woo Hoo!” Nothing is more frustrating than creating a solid password, remembering it (which is the hardest part for me, honestly), and then having to change it a month later. Now you don’t have to. As the author stated,

“NIST’s goal is to get us to protect ourselves reliably without unneeded complexity, because complexity works against security.”
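To check your own settings against the four points excerpted above, here is a small added example (not code from the article or from NIST). The policy keys `min_length`, `max_length`, `allow_hints` and `expire_days` are a hypothetical schema, and both sample policies are constructed.

```python
# Added example: audit a password policy against the four points excerpted above.
# The policy keys (min_length, max_length, allow_hints, expire_days) are a
# hypothetical schema, and both sample policies are constructed.

MIN_LENGTH = 8        # "a minimum of 8 characters"
MIN_ALLOWED_MAX = 64  # "allow a maximum length of at least 64"


def audit_policy(policy):
    """Return findings for settings that conflict with the excerpts."""
    findings = []
    if policy.get("min_length", 0) < MIN_LENGTH:
        findings.append("min_length below 8")
    max_len = policy.get("max_length")  # None = no upper limit
    if max_len is not None and max_len < MIN_ALLOWED_MAX:
        findings.append("max_length below 64")
    if policy.get("allow_hints", False):
        findings.append("password hints enabled")
    if policy.get("expire_days") is not None:
        findings.append("scheduled expiration without reason")
    return findings


def length_ok(password, policy):
    """Check length in characters (not bytes) and never truncate the input."""
    n = len(password)
    max_len = policy.get("max_length")
    return n >= policy["min_length"] and (max_len is None or n <= max_len)


LEGACY = {"min_length": 6, "max_length": 16, "allow_hints": True, "expire_days": 30}
UPDATED = {"min_length": 8, "max_length": 64, "allow_hints": False, "expire_days": None}

if __name__ == "__main__":
    for name, policy in (("legacy", LEGACY), ("updated", UPDATED)):
        print(name, audit_policy(policy) or "no findings")
    phrase = "correct horse battery staple on a rainy tuesday"
    print("passphrase accepted by legacy:", length_ok(phrase, LEGACY))
    print("passphrase accepted by updated:", length_ok(phrase, UPDATED))
    print("pA55w+rd accepted by updated:", length_ok("pA55w+rd", UPDATED))
```

The legacy policy rejects the long passphrase while “pA55w+rd” passes the length check under the updated policy, so meeting the 8-character minimum alone does not make a password a good one.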

Read the Full Article Below!

Full NIST Password Guidelines Article: https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

September 13th, 2016 | Techni-Core Blog
