NIST Password Guidelines
The National Institute of Standards and Technology (NIST) is a non-regulatory agency under the U.S. Department of Commerce that releases and updates guidelines for how systems are to accept passwords. In light of the COVID-19 outbreak forcing thousands of workers to stay home it is important to be aware of any updates to password regulations and guidelines.
In 2020 The National Institute of Standards and Technology has updated their list of guidelines and regulations for systems when creating or entering passwords. These new updates should help password security in a multitude of ways and will go a long way in making sure people data is safe and secure.
Increased Password Length
In order to make sure individuals have strong passwords NIST has stated that all systems should allow for passwords to be a minimum of 8 characters long with a maximum character count of 64. This updated guideline will allow for people to use complete phrases and sentences to secure their data. It only takes about 10 minutes to crack a 6 character long password. This should make it much harder for criminals to steal your credentials.
More Special Characters and Spaces
This new guideline is an absolute game changer. The NIST now recommends systems allow you to use even more special characters including emojis to secure your accounts. In addition to this they are also encouraging using spaces in your passwords for added protection. This opens up the possibility for thousands of unique and tough to crack passwords.
Allow users to paste text
This one is pretty self-explanatory, but the National Institute of Standards and Technology allows users to copy and paste text into login pages. This makes it much easier and user friendly to have a long password that can be copied and pasted directly from a password manager.
No More Password Hints
Most people have forgotten their password once or twice and had to use a hint. These hints could consist of: "What was you childhood address" or "What was the name of your first pet" all of which could easily be discovered with a little research. NIST has recommended that sites no longer use password hints as it makes it too easy for hackers to try and steal your credentials.
Read to full update from National Institute of Standards and Technology NIST
Let CorpInfoTech help you train your humans, your weakest link! CorpInfoTech is here to help with Security Awareness Training.
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.