
Updated NIST Guidelines on Password Policies


Recently, we found a very worthwhile article explaining the NIST Guidelines regarding passwords. Here are a few excerpts from the article that we found especially useful. The link to the full article is below.

Let’s start with what’s new and what you should do in the world of the NIST password guidelines:

Size matters. At least it does when it comes to passwords. NIST’s new guidelines say you need a minimum of 8 characters.

The author goes on to say that a user should “allow a maximum length of at least 64.” It’s okay, we thought, “Uh, what?” too. But the reason behind this advice is to make sure there are no “unnecessary restrictions on length,” thereby creating many more options for password combinations.

Now, let’s go on to what you shouldn’t do when it comes to your passwords.

“No password hints. NONE. If I wanted people to have a better chance at guessing my password, I’d write it on a note attached to my screen.”

We like this advice, for the simple fact that it’s extremely true. As the author points out, if you let people choose their passwords freely and encourage longer phrases, this can make it easier for them to remember a password they created. He uses a great example of a terrible password disguised as a good one: “pA55w+rd”... a quick way for your “pA55w+rd” to get compromised.
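To see why “pA55w+rd” is a terrible password disguised as a good one, here is an added example (not code from the article or from NIST) that runs it through an old-style complexity rule and through a length-based check using the 8-character minimum and the 64-character allowance quoted above. The common-word list, the substitution table and the function names are constructed assumptions for illustration.

```python
import unicodedata

# Constructed sample data (assumptions, not from the article or NIST).
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty"}
LEET = str.maketrans({"5": "s", "$": "s", "4": "a", "@": "a", "3": "e",
                      "0": "o", "+": "o", "1": "l", "!": "i", "7": "t"})

MIN_LENGTH = 8        # minimum from the guidelines quoted above
MAX_LENGTH_CAP = 64   # the allowed maximum must be at least this long


def legacy_composition_ok(pw: str) -> bool:
    """Old-style rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def disguised_common_word(pw: str) -> bool:
    """True if undoing simple character swaps yields a common password."""
    plain = unicodedata.normalize("NFKC", pw).lower().translate(LEET)
    return plain in COMMON_WORDS


def length_based_check(pw: str, site_max: int = 64) -> list:
    """Return the reasons to reject pw; an empty list means accept."""
    if site_max < MAX_LENGTH_CAP:
        raise ValueError("site maximum must be at least 64 characters")
    reasons = []
    n = len(pw)  # counts Unicode code points, spaces included
    if n < MIN_LENGTH:
        reasons.append("shorter than 8 characters")
    if n > site_max:
        reasons.append(f"longer than the site maximum of {site_max}")
    if disguised_common_word(pw):
        reasons.append("common password with character substitutions")
    return reasons


if __name__ == "__main__":
    for candidate in ("pA55w+rd", "correct horse battery staple"):
        print(repr(candidate),
              "legacy rule accepts:", legacy_composition_ok(candidate),
              "| length-based rejects for:", length_based_check(candidate))
```

The complexity rule accepts “pA55w+rd” and turns away the 28-character passphrase, while the length-based check does the opposite.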

“No more expiration without reason. This is my favorite piece of advice: If we want users to comply and choose long, hard-to-guess passwords, we shouldn’t make them change those passwords unnecessarily.”

It’s okay — go ahead and raise your hands in the air and say “Woo Hoo!” Nothing is more frustrating than creating a solid password, remembering it (which is the hardest part for me, honestly), and then having to change it a month later. Now you don’t have to. As the author stated,

“NIST’s goal is to get us to protect ourselves reliably without unneeded complexity, because complexity works against security.”

2018-06-02T17:53:08+00:00 | September 13th, 2016 | Techni-Core Blog

About the Author:

Hi, everyone! My name is Jana Abbott Ricchetti, and I serve as Techni-Core's Team Lead, Project Manager for all IT and Cyber Security services, and Marketing/Business Development Manager. I am a graduate of Mississippi State University (Hail State!) with a degree in Communication Studies. I joined Techni-Core about four years ago. Over that time, I have worked with executive leadership to rebrand TCNS, expand service offerings, structure more successful and efficient compliance projects, and foster vendor relationships to serve all of our customers. The best part of my job is the reward of knowing that our services directly support the success of our customers - there is no better feeling! My customers are the bomb, and I am so honored that they trust me to manage their IT, Compliance, and Cyber services. I LOVE phone calls from customers, so give me a call any time you need anything - I am always happy to help.
