Probably not. At least, if you’re anything like me — and I really hope you’re not – then your passwords are probably not up to snuff. But hopefully this will at least get you to reconsider your current situation.
We all love to have easily-remembered passwords, because, well, they’re easy to remember. But you aren’t doing yourself any favors by opening yourself up to get hacked.
The National Institute of Standards and Technology (NIST) has recently issued new guidelines regarding secure passwords, and I think it’s incredibly important to read their suggestions.
Ok, but wait — who is NIST?
NIST is a non-regulatory federal agency whose purpose is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology, in ways that enhance economic security and improve our quality of life.
And by the way, these guidelines are generally considered a reasonable standard not only in the U.S., but also around the globe, but you don’t have to follow them to a T. Following these standards, however, are likely to give you solid protection, should you ever be accused of not following good security practices.
So, what is so remarkable about these new password guidelines and how will they impact you and other users? The new framework is certainly controversial among many security professionals. Almost all security practitioners are going to find stuff they agree and disagree with in the guidelines. But here we go…
Remove periodic password change requirements
This is one that legions of corporate employees, forced to create a new password every month, will surely be happy about. There have been multiple studies that have shown the requirement of frequent password changes to be counterproductive to good password security; but the industry has doggedly held on to the practice. This will remain controversial for some time, I am sure.
Drop the algorithmic complexity song and dance
No more arbitrary password complexity requirements, needing mixtures of upper case letters, symbols and numbers. Like frequent password changes, some claim these password policies can result in worse passwords.
Here is a completely new one… require screening of new passwords against lists of commonly used or compromised passwords
One of the best ways to ratchet up the strength of your users’ passwords is to screen them against lists of dictionary passwords and known compromised passwords.
Please contact us for any questions you may have on password screening! We’re happy to help and point you toward software that can make this process simpler.
We hope this all helps! I know at the very least it should get you thinking about doing more to protect yourself in the password arena. I know it helped me, and got me thinking smarter.