Texas Professional IT Services LLC Blog

Tip of the Week: NIST Password Guidelines

Passwords have always been important to businesses, but they are priorities for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own can learn about some of their password practices.

The United States’ National Institute of Standards and Technology (NIST) has new password recommendations and standards for government officials, and you can learn a thing or two from them. Some of these might seem weird at first, but try to think about them from a user’s perspective. Keep in mind that these recommended practices are new and are not yet supported on all sites and login accounts. Here are just a few of them:

  • Make the passwords user-friendly: The regulations of NIST demand that passwords should be user-friendly above all else. They should also place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a minimum of eight characters: All passwords must have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is also indicated at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

For some tips on what to avoid in passwords, here are some to consider:

  • Avoid composition rules: Telling employees what to use in their passwords doesn’t help. Instead, encourage your users to use passphrases that are long and alphanumeric in nature.
  • Eliminate password hints: Anything that makes it easier for someone to recover a lost password should be removed. This goes for the hints, as they are often questions that can be answered just by digging through a person’s social media profile or public records.
  • Cut out password expiration: The more often a user has to reset their password, the more annoyed they will get. Instead, reset passwords only if they are forgotten, phished, or stolen.
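
The length, character-set and blocklist rules from the two lists above, sketched as a verifier-side check. This is an added example, not code from the article or from NIST; the function names, the tiny blocklist, the NFKC normalization and the case-insensitive blocklist comparison are assumptions made for illustration.

```python
import unicodedata

MIN_LENGTH = 8    # minimum stated in the article
MAX_LENGTH = 64   # maximum stated in the article

# Constructed sample blocklist. The first two entries are the article's own
# examples; a real verifier would load a large list of common and breached
# passwords instead.
COMMON_PASSWORDS = {"password", "thisisapassword", "12345678", "qwertyuiop"}


def normalize(password: str) -> str:
    """Normalize Unicode so look-alike encodings of one password compare equal.

    NFKC is an assumption of this example; it folds forms such as full-width
    letters into their plain equivalents.
    """
    return unicodedata.normalize("NFKC", password)


def check_password(password: str, blocklist=COMMON_PASSWORDS) -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted.

    There are deliberately no composition rules: spaces, all-lowercase
    passphrases and emoji are accepted as long as the length and blocklist
    checks pass.
    """
    candidate = normalize(password)
    length = len(candidate)  # counted in Unicode code points, not bytes
    problems = []
    if length < MIN_LENGTH:
        problems.append("too_short")
    if length > MAX_LENGTH:
        problems.append("too_long")
    # Case-insensitive comparison (assumption) so "PASSWORD" is also caught.
    if candidate.casefold() in blocklist:
        problems.append("common_password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["password", "short", "correct horse battery staple", "🔑" * 8]:
        print(repr(sample), check_password(sample) or "accepted")
```

The burden stays on the verifier: the user sees only a reason for rejection, and the check does not depend on password age or on any stored hint.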

NIST standards might seem a little strange from a traditional password security standpoint, but they aim to make passwords more user-friendly while maintaining security. What are your thoughts on this? Let us know in the comments.

Wednesday, March 20, 2019