Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Latest Password Best Practices from the National Institute of Standards and Technology

Passwords are the first line of defense your accounts have against the myriad of threats out there. It’s imperative that you follow industry best practices when creating them so as to maximize security. Thankfully, the latest guidelines from the National Institute of Standards and Technology, or NIST, make creating secure passwords easy.

What is the NIST?

NIST has been the go-to authority on password creation standards for quite some time. While it revises its advised practices regularly, it does so to keep up with the constantly shifting nature of cybersecurity. Its most recent update to password best practices is summarized in the guidelines below.

New Guidelines

Several corporations currently use the NIST guidelines and all Federal agencies are expected to adhere to them as well. Here are the latest steps in creating a secure password.

1. Length is More Important than Complexity

Password complexity has been one of the pillars of password security for years, but the current guidelines disagree. NIST advises that the longer a password is, the harder it is to crack. In fact, according to NIST, organizations that require new passwords to be complex, with numbers, symbols, upper- and lower-case letters, etc., actually make passwords less secure.

There are two major reasons for this determination. The first is that users often make their passwords far too complicated and then forget them, which eventually leads to something like an exclamation point or a 1 being tacked onto the end of the password. That doesn't make the password meaningfully more complex. Furthermore, users may be tempted to reuse the same complex password across multiple accounts, which certainly does not help their cause.

2. Eliminate Password Resets

Most businesses require that their staff reset their passwords every so often, whether it’s every month or every few months. The strategy is supposed to ensure that even compromised passwords can only be used for so long, locking would-be hackers out after the password has been changed. NIST suggests that this practice is actually counterproductive to account security.

Their reasoning is that if people have to set up new passwords too frequently, they won't be as careful when creating them. Furthermore, when people do change their passwords, they are more likely to follow the same pattern so they can remember them. If a previous password has been compromised, there is a good chance that this pattern gives the attacker clues about what the current password is.

3. Don’t Hurt Security by Eliminating Ease of Use

A big concern of many network administrators is that options such as showing a password while the user types it or allowing copy/paste make it more likely that the password will be compromised. The truth is that ease of use does not compromise security; it turns out that making it easier for people to authenticate themselves properly is better for security than restricting them.

4. No More Password Hints

Some systems allow password hints, where the user sets a question and a designated answer that grants access to the account should they forget the password. This system is flawed in itself and is the very reason many organizations have been hacked. Thanks to social media and the Internet as a whole, it is not hard to imagine a hacker using websites or other resources to look up information about a particular user in order to gain access to an account. And you know what they say: once it's on the Internet, it's there to stay.

5. Limit Password Attempts

Placing a limit on password attempts benefits your organization's network security in just about every circumstance imaginable. A legitimate user will usually either remember their password or have it stored somewhere, so they rarely need more than a few attempts. Locking an account for a short period of time after repeated failures is therefore a great way to dissuade would-be hackers from trying to guess a user's password.
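To show what a short, temporary lockout looks like in practice, here is an added example (not code from the original post, and not a NIST reference implementation). The thresholds, the `LoginThrottle` class and the `attempt_login` helper are assumptions made for illustration; the password store is a constructed in-memory dictionary.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Added example (not code from the original post): a short, temporary lockout
# after repeated failed logins, as suggested under "Limit Password Attempts".
# The thresholds are assumed values for illustration, not NIST-specified numbers.
MAX_FAILURES = 5      # failures tolerated inside the window before locking
WINDOW_SECONDS = 300  # failures older than this no longer count
LOCKOUT_SECONDS = 60  # keep the lockout short so legitimate users are not stuck

class LoginThrottle:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._failures = defaultdict(deque)  # user -> timestamps of recent failures
        self._locked_until = {}              # user -> time at which the lockout ends

    def is_locked(self, user, now):
        return now < self._locked_until.get(user, 0)

    def record_failure(self, user, now):
        """Count a failed attempt; return True if it triggered a lockout."""
        recent = self._failures[user]
        while recent and now - recent[0] > self.window:  # forget stale failures
            recent.popleft()
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            recent.clear()
            return True
        return False

    def record_success(self, user):
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)

def hash_password(password, salt):
    """PBKDF2-HMAC-SHA256; the caller supplies a per-user random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def attempt_login(throttle, store, user, password, now):
    """Return 'locked', 'ok' or 'bad'; store maps user -> (salt, digest)."""
    if throttle.is_locked(user, now):
        return "locked"  # refuse without even checking the password
    salt, expected = store.get(user, (b"\x00" * 16, b""))
    if hmac.compare_digest(hash_password(password, salt), expected):
        throttle.record_success(user)
        return "ok"
    throttle.record_failure(user, now)
    return "bad"
```

Because the lockout expires on its own and a successful login clears the failure history, a user who mistypes a few times is delayed briefly rather than locked out of their account outright.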

6. Use Multi-Factor Authentication

At Total Tech Care, we like to remind our clients that multi-factor or two-factor authentication is imperative for every account possible. NIST recommends that users demonstrate at least two of the following three authentication factors before a successful login:

  1. “Something you know” (like a password)
  2. “Something you have” (like a mobile device)
  3. “Something you are” (like a face or a fingerprint)

If at least two of these criteria are met, then chances are you are supposed to be on the network. Plus, consider how hard it would be for a hacker to gain access to more than one of the above. It just makes sense.

If you don’t make password security a priority for your business, you might come to regret it later, and no one wants to be the one responsible for a data breach. If you need a hand with implementing a password management system or other security best practices, reach out to us at 866-348-2602.
