The National Institute of Standards and Technology (NIST) once said that a good password consisted of three things: upper- and lowercase letters, numbers, and symbols. However, the NIST has now reversed its stance on good passwords. Here’s why and what they are now recommending. The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people generate weak passwords using predictable capitalization, special characters, and numbers, like “[email protected]” Such a password may seem secure, but the string of characters it’s made up of could easily be compromised by hackers using common algorithms. Furthermore, while the NIST also recommended that people change their passwords regularly, they did not specify how and when to change them. Without proper guidance, many people assumed that this meant adding or changing one or two characters every year or so. Eventually, the institution admitted that their recommendation creates more problems than it solves. The NIST has then reversed its stance on organizational password management requirements, and is recommending banishing forced periodic password changes and getting rid of complexity requirements. Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication (MFA) in login policies. MFA requires a user to enter one or more valid credentials aside from a password to gain access to an account. This could be a physical security key, a login prompt on a mobile device, or a facial or a fingerprint scan. Without the additional security requirements, hackers’ attempts to crack passwords would be futile. Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. Simply put, passwords should be longer and include nonsensical phrases and words that make them almost impossible for an automated system to crack. What’s more, the NIST recommends making screening of new passwords against lists of common or compromised passwords mandatory. This is because a complex, 25-character password is already considered weak the moment it has been compromised. Finally, you should also enforce the following security solutions within your company: When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.
The problem
The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.The solution
Swift Chip is your IT partner in business growth and profitability. We love our clients—and here’s why they love us too:
Get this NEW release book on Amazon that basically takes the wisdom from some of the most well-known writings about warfare, political intrigue, martial arts, history, and strategy and applies it to modern-day cybersecurity. The tools and techniques have changed, but the primary principles remain the same in protecting modern data systems.
Buy NowWe believe that “small things do count”, so we have built some initiatives in our business to help others less fortunate than us. One of these is that we’ve partnered with an organization committed to planting trees and saving lives in the process. Eden Reforestation Projects reduces extreme poverty and restores healthy forests by employing local people to plant millions of trees every year. The way it works, is that whenever we finish working on a service request for you – our system sends a quick 15 second survey (yes, it honestly takes 15 seconds) to find out how we did and to make sure we’re keeping our support levels world class. For every completed survey, we plant 8 trees (through Eden Reforestation Projects). Here’s a quick video to see the impact they’re making. It’s our goal to plant 24,000 trees in 2022 and we’ll need your help.
Donate