NIST’s password guidelines: What you need to know

In case you missed it, the National Institute of Standards and Technology (NIST) released new guidelines for creating and managing passwords. This is great news for anyone looking to improve their online security. But what do these new guidelines mean for you? In this blog post, we will discuss the basics of the NIST password guidelines.

Outdated practices

The previous NIST guidelines on password creation followed a conventional approach to password security. The guidelines recommended regular password resets and the use of long, complex passwords (i.e., required minimum number of characters, use of special characters and numbers, etc.).

But these guidelines unintentionally led to people making weakening passwords using predictable capitalization, special characters, and numbers. And though users changed passwords on a regular basis, many assumed that they could simply add or change one or two characters in their password. These practices proved to be ineffective and resulted in the creation of passwords that hackers could easily crack via brute force.

Stronger password for better security

NIST eventually admitted that their initial recommendations only caused more difficulties than it resolved. In 2020, the organization updated its guidelines.

Among the most notable changes are:

• Frequent password resets are no longer required. Resets are now only required in case a password is compromised or forgotten.
• Password complexity requirements have been dropped in favor of construction flexibility — NIST recommends the use of long passphrases instead of long, overly complex passwords.
• Mandatory screening of new passwords against lists of common or compromised passwords is highly recommended.
• The use of nonstandard characters, such as emoticons, is now allowed.

The implementation of multifactor authentication (MFA) is encouraged. MFA has many advantages, which is why most cybersecurity experts advise businesses to adopt it in their login policies. By requiring multiple sources of authentication, MFA helps prevent unauthorized access to sensitive information and systems.

Other password security solutions to consider

Lastly, you should implement the following security solutions throughout your company:

• Single sign-on – enables users to access multiple accounts with one set of credentials, so they don’t have to remember numerous passwords and usernames
• Account monitoring tools – designed to automatically detect and prevent suspicious activity, keeping your network safe from potential hackers

Updating your passwords may seem like a hassle, but it is one of the most important things you can do to boost your cybersecurity. By following the updated guidelines and making sure your passwords are secure, you can help protect yourself and your business from identity theft and other cyberthreats.

If you need help creating a strong password or want more tips on how to improve your cybersecurity, call us now. Our team of experts is ready to answer any questions you have and help you create a plan to keep your business safe from cyberattacks.