Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

Understanding the New NIST Guidelines for Password Security

Total Tech Care Blog
0 Comments
Understanding the New NIST Guidelines for Password Security

The National Institute for Standards and Technology (NIST) has released Special Publication 800-63B, titled Digital Identity Guidelines. The document outlines major changes to the ways password security should be approached and leaves a lot of what network administrators and software developers have implemented recently to be wrong Today, we’ll take a look at the publication, and try to make sense of the sudden change of course.

NIST is a non-regulatory federal agency that works under the umbrella of the U.S. Department of Commerce. Its mission is to promote U.S. innovation and competitiveness by advancing a uniform measurement standard. Many NIST guidelines become the foundation for best practices in data security. As a result, any publication they produce having to do with cyber or network security should be considered.

A Look at SP 800-63B
The newest password guidelines are a swift about-face in strategy as compared to previous NIST suggestions. Instead of a strategy of ensuring that all passwords meet some type of arbitrary complexity requirements, the new strategy is to create passwords that are easier and more intuitive. Here are some of the highlights:

  • Passwords should be compared to dictionaries and commonly-used passwords
  • Eliminate or reduce complexity rules for passwords
  • All printable characters allowed, including spaces
  • Expiration of passwords no longer based on time password has been in use
  • Maximum length increased to 64 characters.

Basically, the new guidelines recommend longer passphrases to the complex passwords as they are hard for people to remember, and even with complexity rules in place, it was becoming increasingly easy for algorithms to crack passwords (seen in the comic strip below).

ib nist cartoon 1

As stated before, NIST is not a regulatory organization, but federal agencies and contractors use NIST’s information in order to set up secure computing environments in which to display, store, and share sensitive unclassified information.

In making these changes to password strategy, NIST is now considering the fact that many industry professionals knew: a password you can’t remember may be secure, but if it’s so secure that you have to rely on third-party software to utilize it, it’s not really that effective at mitigating risk. NIST now looks at the passphrase strategy, along with two-factor authentication as the go-to risk management strategy. SMS-based two-factor authentication was not mentioned in the final report but has come under scrutiny as it has contributed to multiple hacks in recent times.

The NIST also explicitly commands that network administrators be mindful to forbid commonly used passwords; effectively creating a blacklist of passwords. The new guidelines also suggest that users shouldn’t be using the password hints or knowledge-based authentication options; a common practice among banking and FinTech applications to this day. We’ll see if there is a strategic alteration in these companies’ practices as the new NIST guidelines become best practices.

If you are looking for more information about best password practices and data security, the IT experts at Total Tech Care are here to help. Call us today at 866-348-2602 to have your password strategy assessed by the professionals.

Comic by XKCD.

Tweet
Tags:
Password Password Management NIST
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 23 November 2024
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Software Efficiency Network Security Business Google Internet Microsoft Email Malware Backup Workplace Tips Innovation User Tips Data Computer Mobile Devices IT Services Hardware Android VoIP Disaster Recovery communications Smartphones Communication IT Support Business Continuity Miscellaneous Smartphone Mobile Device Browser Small Business Network Collaboration Productivity Cybersecurity Quick Tips Users Business Management Phishing Managed IT Services Windows Upgrade Outsourced IT Ransomware Data Backup Windows 10 Save Money Cloud Computing Office Data Recovery Server Passwords Windows 10 Chrome Tech Term Virtualization Social Media Saving Money Holiday Gadgets Managed Service Microsoft Office Automation Managed IT Services Operating System Artificial Intelligence Facebook Computers Cybercrime Wi-Fi Hacking BYOD Health Mobile Device Management Internet of Things Networking IT Support Managed Service Provider Information Office 365 Telephone Systems Information Technology Remote Spam Alert Covid-19 Social Engineering Mobility Recovery Employer-Employee Relationship Router Bandwidth BDR Big Data Password Money App History Encryption Mobile Computing Applications Data Breach Application Human Resources Law Enforcement Remote Monitoring Managed IT Apps Office Tips Data Storage Patch Management Training VPN Government Remote Computing Blockchain Private Cloud Paperless Office Mobile Office How To Bring Your Own Device Data Management Work/Life Balance Infrastructure Voice over Internet Protocol Wireless Vulnerability Flexibility Marketing Windows 7 Word Gmail WiFi Google Drive IT solutions Entertainment Settings Website Servers Budget Two-factor Authentication Avoiding Downtime Data Security Mouse HaaS Meetings Connectivity Remote Work Employee/Employer Relationship Cleaning RMM Risk Management Hacker Conferencing End of Support The Internet of Things Physical Security Lithium-ion battery Scam Education Safety Data Protection HIPAA Sports Redundancy Firewall Keyboard Vendor Management USB Virtual Reality Apple Vendor Social Managed Services Staff Software as a Service Display Telephone System User Error Save Time Machine Learning Data storage Update Wearable Technology Automobile Spam Blocking Electronic Medical Records Retail Hard Drives Hard Drive Instant Messaging Google Docs Robot Computing Infrastructure Excel Hiring/Firing Identity Theft Going Green Biometrics Computing Virtual Desktop Virus Unified Threat Management Battery Augmented Reality DDoS Shadow IT Fraud Computer Accessories Legal Business Intelligence Digital Signage SharePoint Remote Worker Audit Internet Exlporer Worker IT Management Cryptocurrency Botnet Customer Service PDF Printer IT Plan Bluetooth Environment Procurement Comparison Net Neutrality Workplace Strategy Fax Server Proactive IT Help Desk Unsupported Software CES Printing Best Practice SaaS YouTube Charger Business Technology IT Consultant Black Market Content Management Access Control Compliance OneNote Computer Care Managed Services Provider Humor Network Congestion Virtual Assistant Current Events eWaste Document Management Telephony Authentication Database Solid State Drive Wireless Technology Samsung Downtime Remote Workers How to Value Processor Cost Management Leadership Digital Signature Managed IT Service Troubleshooting Security Cameras Outlook Computer Tips Start Menu Warranty Virtual CIO Social Networking Colocation OneDrive Best Available Uninterrupted Power Supply Biometric Security Screen Mirroring HVAC Peripheral WIndows 7 Loyalty Google Apps Monitor Analysis Using Data Books Frequently Asked Questions Digital Security Cameras Running Cable Mobile Administrator Windows 10s Devices Copiers 5G Cast Enterprise Content Management Quick Tip Memory Reputation webinar Accountants Streaming Media Emergency Smartwatch Tip of the week MSP Ergonomics Content Professional Services Microchip Public Cloud Thought Leadership Development Tech Support Employer Employee Relationship Credit Cards OLED Windows Media Player Techology Password Management PCI DSS User Laptop Assessment Password Manager Virtual Machine PowerPoint Customers Fiber Optics Multi-Factor Security Employee Windows Server 2008 2FA Audiobook Tools Search Engine Twitter Messaging Science Cabling NIST Policy Managing Stress Touchpad Television Business Mangement Hypervisor Smart Tech Trend Micro Trending Dark mode Distributed Denial of Service Politics Customer Relationship Management Advertising Addiction SMS Amazon Default App Cameras Procedure Analyitcs Public Computer Recycling Saving Time Programming Practices Shopping Notifications Transportation Google Search Regulations Wiring dark theme Computer Fan Cache AI Rootkit Amazon Web Services IT Infrastructure Bing Safe Mode FinTech Criminal Relocation Workers Hosted Computing Social Network Benefits Antivirus GDPR FENG Wireless Internet Windows 8 Online Shopping Investment Printer Server IT service Video Games File Sharing Employees IBM Employee/Employer Relationships Inventory Smart Technology Specifications ISP Worker Commute Flash Camera Windows 365 Experience Wire Video Conferencing Tablet Evernote ROI Travel Shortcuts Domains Scalability Software Tips Sales Supercomputer Bitcoin Emails Personal Millennials Cryptomining Business Owner Sync Printers Point of Sale IaaS Maintenance Smart Office Supply Chain Management NarrowBand Wireless Charging Search Monitoring Bloatware Batteries Virtual Private Network Windows 8.1 iPhone Netflix Digitize Two Factor Authentication Workforce Root Cause Analysis Tablets Cables Windows Server 2008 R2 Entrepreneur Knowledge Music HBO Customer relationships Skype Project Management Email Best Practices Files Nanotechnology IT Assessment Consultant Telecommuting Manufacturing Shortcut Data loss Chromecast Cortana Analytics

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code