Eclipse Integrated Systems Blog

Tip of the Week: NIST Password Guidelines

Passwords have always been important to businesses, but they are a particular priority for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own can learn about some of their password practices.

The United States’ National Institute of Standards and Technology has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem weird at first, but try to think about it from a user’s perspective. Keep in mind, these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: The regulations of NIST demand that passwords should be user-friendly above all else. They should also place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is also indicated at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

For some tips on what to avoid in passwords, here are some to consider:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
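
As an added example (not code from NIST or from this blog), here is how a login system could enforce the rules above on the verifier side: the 8 and 64 character limits, a common-password check, no composition rules, and resets only after an incident. The blocklist entries, function names, and the Unicode NFKC normalization step are assumptions of this sketch and are not taken from the post.

```python
import unicodedata

MIN_LENGTH = 8    # minimum stated in the post
MAX_LENGTH = 64   # maximum stated in the post

# Constructed sample blocklist (assumption): production verifiers load a
# large list of common and breached passwords instead.
COMMON_PASSWORDS = {"password", "thisisapassword", "12345678", "qwertyuiop"}

# Events that justify a reset, per the post. Password age is not one of them.
RESET_EVENTS = {"forgotten", "phished", "stolen"}


def check_password(candidate, blocklist=COMMON_PASSWORDS):
    """Return (accepted, reason) for a proposed password."""
    # NFKC folds look-alike encodings (e.g. full-width letters) together,
    # so the length and blocklist checks see one canonical form.
    normalized = unicodedata.normalize("NFKC", candidate)
    length = len(normalized)  # counts Unicode code points, not bytes
    if length < MIN_LENGTH:
        return False, "too short"
    if length > MAX_LENGTH:
        return False, "too long"
    if normalized.casefold() in blocklist:
        return False, "common password"
    # Deliberately no composition rules: spaces, emoji, all-lowercase are fine.
    return True, "ok"


def must_reset(events, age_days):
    """Force a reset only on a reset event; age_days is ignored on purpose."""
    return bool(RESET_EVENTS & set(events))


if __name__ == "__main__":
    # Constructed sample inputs; the third is "password" in full-width letters.
    samples = ["short", "Password", "\uff50\uff41\uff53\uff53\uff57\uff4f\uff52\uff44",
               "correct horse battery staple", "\U0001F511" * 8, "a" * 65]
    for pw in samples:
        print(ascii(pw[:30]), check_password(pw))
    print(must_reset([], age_days=400), must_reset(["phished"], age_days=1))
```
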

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.

Sunday, February 24 2019
