The days of passwords requiring a capital letter, special character, and numbers are no more. As it turns out, most of us were pretty bad at this, often simply swapping out a single character when periodically forced to change passwords.
The bad guys caught on to this method, and new guidelines have been constructed by the National Institute of Standards and Technology (NIST) for the first time since 2003.
NEW PASSWORD RECOMMENDATIONS
Passwords should be simple, yet long and memorable: a mix of phrases and typical words that only you would know and that you can easily remember.
Use long phrases instead of short passwords with special characters. Consider quotes from your favorite movies or television shows, song lyrics, inside jokes, etc. Just be sure they’re not too well known or regularly used in conversation, as dictionary password attacks will string together words for common phrases and famous short quotes. The best method is to use words that do not normally go together.
“If you can picture it in your head, and no one else could, that’s a good password,” said Paul Grassi, senior standards and technology adviser at NIST.
Many of the password-related attacks researchers see are not affected by the complexity or length of the chosen password.
Keylogging, phishing, and social engineering attacks are just as effective on complex passwords as on simpler ones.
Password changes only need to be enforced when a security breach of some sort has occurred.
The guidelines now recommend comparing passwords against either the most commonly used passwords or those that have already been compromised.
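The screening step described above, sketched as an added example (not code from NIST or from the original post). The 8-character minimum, the sample lists, and the function names are assumptions of this example; the swap-folding step goes beyond a plain list comparison and targets the single-character swaps mentioned earlier.

```python
import hashlib
import unicodedata

MIN_LENGTH = 8  # assumption of this example; the page states no number

# Constructed sample lists; a real deployment loads a large corpus instead.
COMMON_PASSWORDS = {"password", "12345678", "qwertyuiop", "letmein", "iloveyou"}
# Compromised passwords are held only as SHA-1 digests (used here as a lookup
# key, not as password storage) so the list itself contains no plaintext.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("correcthorsebatterystaple", "maytheforcebewithyou")
}

# Character swaps people make to satisfy old composition rules.
SWAPS = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "!": "i"})
TRAILING = "0123456789!?."  # digits and punctuation commonly appended


def normalize(password):
    """Unicode-normalize and case-fold so visually equal inputs compare equal."""
    return unicodedata.normalize("NFKC", password).casefold()


def screen_password(password):
    """Return (accepted, reason). No uppercase/digit/symbol rules are applied."""
    norm = normalize(password)
    if len(norm) < MIN_LENGTH:
        return False, "too short"

    # Compare the password, and its de-decorated forms, against the common list.
    stem = norm.rstrip(TRAILING)
    variants = {norm, stem, norm.translate(SWAPS), stem.translate(SWAPS)}
    if variants & COMMON_PASSWORDS:
        return False, "common password"

    # Compare against the compromised list by digest.
    if hashlib.sha1(norm.encode("utf-8")).hexdigest() in BREACHED_SHA1:
        return False, "found in breach list"

    return True, "ok"


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "CorrectHorseBatteryStaple",
                      "purple tractor sings at noon"):
        print(candidate, "->", screen_password(candidate))
```

A long lowercase phrase passes without any special characters, while a decorated common word is rejected even though it would satisfy the old complexity rules.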
“Protect your identity with a combination of multifactor authentication wherever possible, along with more characters to make it more complex. Try to keep it simple enough to remember, such as long phrases,” said Shannon Culp, CBCP, CINSA, CHS-III, Solutions Architect at Nuspire Networks.
For the full new NIST guidelines, click here.