NIST Publishes New Password Standards
– a press release
“The traditional guidance is actually producing passwords that are easy for bad guys and hard for legitimate users.”
For Immediate Release – August 15, 2017
Muncie, Ind. – The National Institute of Standards and Technology (NIST) recently revised its guidelines on creating passwords. The new set of standards sharply diverges from previous rules. Until recently, the general consensus for password management was to remain as complex as possible.
For example, you often would see the following criteria for password creation:
- Passwords must be 8+ characters.
- Passwords should contain a minimum of one special character and numeral.
- Passwords should be scheduled for change at a regular interval.
Paul Grassi, senior standards and technology advisor at NIST, says that, “The traditional guidance is actually producing passwords that are easy for bad guys and hard for legitimate users.” Continuing, “The old standards encouraged users to recycle passwords like ‘Password1!’ — providing a false sense of security.”
Moving forward, the new standards favor length over complexity. Users are encouraged to forget traditional password wisdom and opt for longer pass-phrases composed of multiple words. These new pass-phrases should be validated, preventing the use of common phrases and weak passwords such as “password”, “12345678”, etc. Additionally, NIST is aware that multi-factor authentication is becoming more common and recommends use when available.
Although NIST’s rules are not mandatory for organizations outside of government, they have a large influence as many organizations adopt them as base standards and best practices for their own policies. If you have any questions about how passwords should be managed by you and your team, please contact Deltec.
Deltec offers a complimentary user vulnerability review.
About Deltec Solutions
Deltec Solutions is a Muncie-based business specializing in strategic Information Technology solutions for organizations. As a trusted technology partner for small and mid-size organizations since 1990, Deltec Solutions consults with clients about their technology needs, including: IT network consulting and planning, cybersecurity and business continuity planning, off-site desktop support, and – through a service line known as Deltec Digital – website design and digital marketing services.
Contact
Scott Jordan, Founder and CTO
sajordan@deltecsolutions.com | 765-587-5101