NIST’s Newest Password Guidelines
Gone are the days of the required monthly password changes. NIST, which stands for National Institute of Standards and Technology, released their new guidelines for password management almost exactly a year ago to date. These thoroughly researched guidelines are not only recommended by NIST but have also been approved by the Secretary of Commerce. In the past, the recommendation has been to change our passwords monthly and to use extremely complicated passwords which included upper- and lower-case letters and special characters. This process definitely had a tendency to lead a great deal of us down the road to frustrated log-ins, which typically ended with relying on a password manager (check back for our upcoming blog) or having to click on the “forgot password” button. We at Pendello understand that security is not always convenient, but these guidelines are a win-win. They can help protect against the alternative and also make your log-ins a great deal less cumbersome.
As of August 17, 2017, NIST released their new guidelines for password management. In the past, these standards have been regarded as the best-practice recommendations across the security industry. The guidelines are as follows:
- Remove periodic password change requirements
  - Yes, you read that correctly, you can keep your same password forever!!
- Algorithmic complexity requirements are no longer necessary
  - Your passwords can actually make sense! Upper- and lower-case letters and special characters (!#*@%?) no longer make your password more secure. Pick a phrase (longer is actually better) that you can visualize and consistently remember. Plus, spaces are an added security bonus!
- Require screening of new passwords against lists of commonly used or compromised passwords
  - There is software out there which can test your password to make sure it is not already on the deep, dark web!!
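To make the three guidelines concrete, here is an added example (written for this post, not code from NIST or from Pendello) of what a password-acceptance check looks like once the old rules are dropped: no composition rule, no expiry, but a length floor and a lookup against a list of common or compromised passwords. The 8-character minimum, the 64-character allowance, the Unicode normalization step and the username check come from NIST SP 800-63B as we understand it, not from the list above. The blocklist is a tiny hand-made sample, not a real breach dataset, and the two-step prefix/suffix lookup is only there to show the shape such a check takes; in this example the whole list stays local.

```python
import hashlib
import re
import unicodedata

# Constructed sample of common/compromised passwords, stored as upper-case
# SHA-1 hex digests the way breach-corpus checkers typically distribute them.
# This is a tiny hand-made list for the example, not a real breach dataset.
_SAMPLE_WEAK = ["password", "123456", "qwerty", "P@ssw0rd", "correct horse battery staple"]
BLOCKLIST_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper() for p in _SAMPLE_WEAK}

MIN_LENGTH = 8   # SP 800-63B minimum length for a user-chosen memorized secret
MAX_LENGTH = 64  # SP 800-63B says to allow at least 64; this example caps there


def normalize(password: str) -> str:
    """Apply Unicode NFKC normalization before any comparison or hashing,
    so visually identical inputs (e.g. the 'fi' ligature vs 'fi') match."""
    return unicodedata.normalize("NFKC", password)


def legacy_composition_check(password: str) -> bool:
    """The old-style rule the post says is no longer needed: upper + lower +
    digit + special character. Kept only to contrast with the new policy."""
    return all(re.search(p, password) for p in (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"))


def in_blocklist(sha1_hex: str, blocklist: set) -> bool:
    """Match the hash against the blocklist in two steps: select candidates by
    the first 5 hex characters, then compare the remaining suffix locally.
    This mirrors the range-query shape used by some breach-check services,
    but here the whole list is local, so nothing leaves the process."""
    prefix, suffix = sha1_hex[:5], sha1_hex[5:]
    candidates = {h[5:] for h in blocklist if h.startswith(prefix)}
    return suffix in candidates


def evaluate_password(password: str, username: str = "", blocklist: set = BLOCKLIST_SHA1) -> list:
    """Return the reasons a new password is rejected; an empty list means accepted.
    There is deliberately no composition rule and no expiry date."""
    pw = normalize(password)
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    # SP 800-63B also lists context-specific words (username, service name)
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    digest = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
    if in_blocklist(digest, blocklist):
        problems.append("appears on the common/compromised password list")
    return problems


if __name__ == "__main__":
    for pw in ["P@ssw0rd", "purple llamas ate my garden hose", "correct horse battery staple"]:
        print(f"{pw!r}: legacy rule={legacy_composition_check(pw)}, "
              f"new policy problems={evaluate_password(pw)}")
```

Running it shows the reversal the post describes: "P@ssw0rd" satisfies every old composition rule yet is rejected because it is on the list, while a plain four-word phrase with spaces fails the old rule and is accepted by the new one. SHA-1 appears here only because that is how blocklists are commonly distributed; it is not how a password should be stored, which still calls for a salted, slow hash.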
In our own words, the guidelines are saying, "keep it simple." Just make it long and memorable for you and only you, and make sure it is not already compromised! The first two requirements seem simple, but we all may need some help making sure we’re not choosing a password that has already been hacked by North Korea.
Now, keep in mind these are still just guidelines. Nothing can guarantee a completely secure password. However, we at Pendello Solutions have an incredible group of business technology associates who are actively monitoring these guidelines and many others and sifting through the rubble of information to decipher what will be most effective and secure for each individual client! Contact Pendello Solutions today to make sure your data is safe and to solidify the safety of your passwords!