FRS Pros Blog

Tip of the Week: New Password Recommendations by NIST

Passwords are a perennial pain point for businesses, but in some industries their importance is emphasized more than in others. Government organizations in particular are expected to hold their passwords to a higher standard. Not every organization is government-based, of course, but there is something about proper password practices that all of us can learn from.

The United States’ National Institute of Standards and Technology (NIST) has issued new password recommendations for federal agencies in its Digital Identity Guidelines (SP 800-63B), and everyone can benefit from at least considering them, the business sector included. Some of these might seem a bit odd compared to what professionals typically say about passwords, but bear with us. Keep in mind that these recommended practices are new and not yet supported on all sites and login systems. Here are just a few of them:

  • Make passwords user-friendly: Above all else, NIST’s guidance holds that passwords should be usable, and that the burden should fall on the verifier (the system checking the password) rather than on the user wherever possible. Sophos’s Naked Security blog elaborates that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Require a minimum of 8 characters: NIST’s guidelines set a floor of eight characters for user-chosen passwords. Any printable character should be accepted, including spaces, all ASCII characters and even emojis. There is no short ceiling: verifiers should permit passwords of at least 64 characters, so a user who wants a long passphrase is not turned away.
  • Cross-check poor password choices: NIST requires the verifier to compare a new password against a list of commonly used, expected or compromised values (well-known passwords like “password” or “thisisapassword,” values from previous breaches, repetitive or sequential strings, and context-specific words such as the username or the service name) and to reject it if it matches.

As for the things to stop doing, here are a few to consider:

  • Composition rules aren’t great: Stop telling your employees which character classes their passwords must contain (an uppercase letter, a digit, a symbol and so on). Instead, encourage users to choose long passphrases; length does far more for strength than a mandatory symbol does.
  • Ditch password hints: This is one you might not have heard of. NIST asks that password hints be removed, since anyone trying to break into an account can use what they know about the target to defeat this barrier and find out or reset the password. The same goes for knowledge-based authentication that asks questions about the user’s personal life.
  • No more password expiration: This goes back to the “user-friendly” aspect of passwords mentioned earlier. Passwords should only be reset when there is a reason to: the user forgot the password, or there is evidence it was phished or stolen.
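As an added illustration (example code written for this post, not code from NIST or from the original article), here is a verifier-side check in Python that follows the rules in the two lists above: it normalizes the input, enforces only a length floor and a generous ceiling, rejects nothing on character class (spaces and emoji pass, and no uppercase letter or digit is demanded), and compares the candidate against a blocklist that includes repetitive or sequential strings and context-specific words. The blocklist contents, the 64-character ceiling, the service name and the reason strings are assumptions for the demo; a production deployment would load a breach corpus with millions of entries.

```python
"""Verifier-side password check following the NIST-style rules discussed above.
Example code for this post; the blocklist, ceiling and messages are assumptions."""
import unicodedata
from typing import List

MIN_LEN = 8    # NIST floor for user-chosen passwords
MAX_LEN = 64   # NIST says to accept *at least* 64 characters; this demo stops there (assumption)

# Constructed stand-in for a list of commonly used or breached passwords.
# A real deployment would load a breach corpus with millions of entries.
COMMON_PASSWORDS = {
    "password", "thisisapassword", "password1", "123456789",
    "qwertyuiop", "letmein123", "iloveyou1",
}


def normalize(secret: str) -> str:
    """NFKC-normalize so that equivalent Unicode forms (e.g. the ligature
    'ﬁ' and the two letters 'fi') are counted and compared the same way."""
    return unicodedata.normalize("NFKC", secret)


def is_repetitive_or_sequential(s: str) -> bool:
    """True for values like 'aaaaaaaa', 'abcdefgh' or '87654321'."""
    if len(set(s)) == 1:
        return True
    codes = [ord(c) for c in s]
    steps = {b - a for a, b in zip(codes, codes[1:])}
    return steps in ({1}, {-1})


def check_password(secret: str, username: str = "", service: str = "") -> List[str]:
    """Return the reasons a candidate password is rejected; an empty list means accepted.

    Deliberately absent: any composition rule. No character class is required
    and none is rejected, so spaces, punctuation and emoji are all fine.
    """
    reasons = []
    s = normalize(secret)
    n = len(s)  # code points, so an emoji counts as one character
    if n < MIN_LEN:
        reasons.append(f"too short: {n} characters, minimum is {MIN_LEN}")
    if n > MAX_LEN:
        reasons.append(f"too long: {n} characters, maximum accepted is {MAX_LEN}")
    lowered = s.lower()
    # Blocklist comparison is case-insensitive: 'Password1' is as weak as 'password1'.
    if lowered in COMMON_PASSWORDS:
        reasons.append("appears on the commonly used or compromised list")
    if is_repetitive_or_sequential(s):
        reasons.append("repetitive or sequential characters")
    # Context-specific words: the user's own name and the name of the service.
    for word in (username, service):
        if word and word.lower() in lowered:
            reasons.append(f"contains the context-specific word {word!r}")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; "frspros" is an assumed service name.
    samples = [
        ("thisisapassword", ""),               # on the blocklist
        ("Tr0ub4dor&3", ""),                   # accepted: no composition rule to satisfy
        ("correct horse battery staple", ""),  # accepted: long, spaces allowed
        ("🐍 eats 🍎 daily", ""),               # accepted: emoji allowed
        ("12345678", ""),                      # sequential
        ("alice2024rocks", "alice"),           # contains the username
    ]
    for pw, user in samples:
        verdict = check_password(pw, username=user, service="frspros")
        print(f"{pw!r:35} -> {verdict or 'accepted'}")
```

Note what the function does not do: it never asks for a digit or a symbol, it never strips spaces, and it never truncates. The one transformation applied is Unicode normalization, which keeps a user who types the same passphrase on two keyboards from being locked out by an invisible encoding difference.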

Overall, NIST wants to make passwords less of a pain for users while maintaining a similar level of security. What are your thoughts on some of these new standards? Let us know in the comments.
