
Eclipse Integrated Systems Blog

Tip of the Week: NIST Password Guidelines


Passwords have always been important to businesses, but they are priorities for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own can learn about some of their password practices.

The United States’ National Institute of Standards and Technology has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem weird at first, but try to think about it from a user’s perspective. Keep in mind, these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: The regulations of NIST demand that passwords should be user-friendly above all else. They should also place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is also indicated at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

For some tips on what to avoid in passwords, here are some to consider:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
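
To show what putting the burden on the verifier can look like, here is an added example (not from NIST or from this blog) of a server-side check that applies the length limits and the common-password cross-check above and enforces no composition rules. The function name `check_password` and the tiny blocklist are assumptions made for illustration; a real verifier would load a much larger list of common and breached passwords.

```python
import unicodedata

MIN_LENGTH = 8    # minimum length given in the article
MAX_LENGTH = 64   # maximum length given in the article

# Constructed sample blocklist for this example only; the first two entries
# are the ones the article names.
COMMON_PASSWORDS = {"password", "thisisapassword", "12345678", "qwertyuiop"}


def check_password(candidate, blocklist=COMMON_PASSWORDS):
    """Return (accepted, reason) for a proposed password.

    Hypothetical helper: it checks length and a blocklist only. There are
    deliberately no rules about digits, symbols or mixed case.
    """
    # Normalize so visually identical Unicode input compares the same way.
    normalized = unicodedata.normalize("NFKC", candidate)

    # len() counts Unicode code points, so a space or a single-code-point
    # emoji counts as one character.
    length = len(normalized)
    if length < MIN_LENGTH:
        return False, "too short"
    if length > MAX_LENGTH:
        return False, "too long"

    # Case-insensitive cross-check against well-known passwords.
    if normalized.casefold() in blocklist:
        return False, "common password"

    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["short", "Password", "pass 🙂 word",
                   "correct horse battery staple", "a" * 65]:
        print(repr(sample[:30]), check_password(sample))
```
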

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.
