Macro Systems Blog

Macro Systems has been serving the Metro Washington, DC area since 1997, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

The Latest Password Recommendations by NIST

Passwords are always a significant irritation for businesses, but in some industries their importance is highlighted more than in others. Specifically, government-based businesses need to be prepared to use more secure passwords. Not all organizations are government-based, but there is something every organization can learn from proper password practices.

The United States’ National Institute of Standards and Technology (NIST) has provided new password recommendations and standards for government officials, but everyone can benefit from at least considering the recommendations, even in the business sector. Some of these might seem a bit odd compared to what professionals typically say about passwords, but stay with us. Remember, these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

  • Make the Passwords User-Friendly: Under the regulations of NIST, passwords should be user-friendly and place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called ‘best practices’ and it turns out they don’t help enough to be worth the pain they cause.”
  • Use a Minimum of 8 Characters: NIST’s new guidelines suggest that all passwords have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is also indicated at 64.
  • Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “mypassword,” etc.

Some of the things to avoid using:

  • Composition rules aren’t good: Don't tell your employees what to use in their passwords. Rather, encourage users to use passphrases that are long and alphanumeric in nature.
  • No password hints: NIST asks that password hints be removed, as anyone trying to break into an account can use their knowledge of the target to overcome this barrier and alter a password or find out the current one. The same can be said for knowledge-based authentication involving questions about the user’s personal life.
  • No more password expiration: This goes back to the “user-friendly” aspect of passwords noted earlier. The only time passwords should be reset is if they are forgotten, phished, or stolen.

In conclusion, NIST wants to make passwords less of a pain for users while still maintaining a similar level of security. What are your thoughts on some of these new standards?
