FRS Pros Blog

Tip of the Week: New Password Recommendations by NIST

Passwords are always a major pain point for businesses, but in some industries their importance is emphasized more than in others. In particular, government-based organizations need to be prepared to keep more secure passwords. While we understand that not all organizations are government-based, there's something we can all learn from proper password practices.

The United States’ National Institute of Standards and Technology has issued new password recommendations and standards for government officials, and everyone can stand to benefit from at least considering the recommendations, even in the business sector. Some of these might seem a bit odd compared to what professionals typically say about passwords, but bear with us. Keep in mind, these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

  • Make the Passwords User-Friendly: Above all else, under the regulations of NIST, passwords should be user-friendly and place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a Minimum of 8 Characters: NIST’s new guidelines suggest that all passwords have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is also indicated at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

As for some of the things to avoid using, here are some to consider:

  • Composition rules aren’t great: Stop trying to tell your employees what to use in their passwords. Instead, encourage users to use passphrases that are long and alphanumeric in nature.
  • Ditch password hints: This is one you might not have heard of. NIST asks that password hints be removed, as anyone trying to break into an account can use their knowledge of the target to overcome this barrier and change a password (or find out the current one). The same can be said for knowledge-based authentication involving questions about the user’s personal life.
  • No more password expiration: This goes back to the “user-friendly” aspect of passwords mentioned earlier. The only time passwords should be reset is if they are forgotten, phished, or stolen.
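The two lists above, expressed as verifier-side checks. This is an added example, not code from NIST or from this blog; the blocklist is a small constructed sample, and the policy keys (`require_character_classes`, `password_hint_enabled`, `security_questions_enabled`, `max_age_days`, `min_length`) are hypothetical names chosen for illustration.

```python
import unicodedata

MIN_LEN = 8    # minimum length given in the article
MAX_LEN = 64   # maximum length given in the article

# Constructed sample; a real verifier would load a large list of
# common and previously breached passwords.
COMMON_PASSWORDS = {"password", "thisisapassword", "12345678", "qwertyuiop"}


def check_password(candidate, blocklist=COMMON_PASSWORDS):
    """Return (accepted, reason). No composition rules are applied:
    spaces, any ASCII character and emoji are all allowed."""
    # Normalize so visually equivalent input (e.g. full-width letters)
    # compares equal to its plain form before the blocklist lookup.
    normalized = unicodedata.normalize("NFKC", candidate)
    length = len(normalized)  # counts code points, so one emoji counts as one
    if length < MIN_LEN:
        return False, "too_short"
    if length > MAX_LEN:
        return False, "too_long"
    if normalized.casefold() in blocklist:
        return False, "common_password"
    return True, "ok"


def audit_policy(policy):
    """Flag settings in a (hypothetical) policy dict that conflict with
    the 'things to avoid' list: composition rules, hints/KBA, expiration."""
    findings = []
    if policy.get("require_character_classes"):
        findings.append("composition_rules")
    if policy.get("password_hint_enabled") or policy.get("security_questions_enabled"):
        findings.append("hints_or_kba")
    if policy.get("max_age_days"):
        findings.append("periodic_expiration")
    if policy.get("min_length", 0) < MIN_LEN:
        findings.append("min_length_below_8")
    return findings


if __name__ == "__main__":
    for pw in ["correct horse battery staple", "PassWord", "short"]:
        print(repr(pw), check_password(pw))
    legacy = {"min_length": 6, "require_character_classes": True,
              "password_hint_enabled": True, "max_age_days": 90}
    print(audit_policy(legacy))
```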

Overall, NIST wants to try and help make passwords less of a pain for users while still maintaining a similar level of security. What are your thoughts on some of these new standards? Let us know in the comments.

Comments 2

Jaycie man on Sunday, 20 January 2019 08:33

As a website owner I believe the articles here are really fantastic, thank you for your efforts. Vivienda Vacacional
Jaycie man on Tuesday, 22 January 2019 06:08

I really wanted to send a quick word in order to thank you for all of the remarkable points you are giving out here. My time consuming internet look up has now been rewarded with reliable details to write about with my friends and family. I would repeat that most of us site visitors actually are very much lucky to be in a notable site with very many awesome people with very beneficial points. I feel truly blessed to have discovered the website page and look forward to really more excellent minutes reading here. Thanks again for everything. load cells