Infracore LLC Blog

Understanding the New NIST Guidelines for Password Security

The National Institute of Standards and Technology (NIST) has released Special Publication 800-63B, titled Digital Identity Guidelines. The document outlines major changes to the way password security should be approached and implies that much of what network administrators and software developers have implemented in recent years is wrong. Today, we’ll take a look at the publication and try to make sense of the sudden change of course.

NIST is a non-regulatory federal agency that works under the umbrella of the U.S. Department of Commerce. Its mission is to promote U.S. innovation and competitiveness by advancing a uniform measurement standard. Many NIST guidelines become the foundation for best practices in data security. As a result, any publication they produce having to do with cyber or network security should be considered.

A Look at SP 800-63B
The newest password guidelines are a swift about-face in strategy as compared to previous NIST suggestions. Instead of a strategy of ensuring that all passwords meet some type of arbitrary complexity requirements, the new strategy is to create passwords that are easier and more intuitive. Here are some of the highlights:

  • Passwords should be compared against dictionaries and lists of commonly used passwords.
  • Complexity rules for passwords should be eliminated or reduced.
  • All printable characters are allowed, including spaces.
  • Password expiration is no longer based on how long the password has been in use.
  • Maximum length is increased to 64 characters.

Basically, the new guidelines favor longer passphrases over complex passwords: complex passwords are hard for people to remember, and even with complexity rules in place, it was becoming increasingly easy for cracking algorithms to guess them (as the comic strip below illustrates).
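As an added illustration (this is not code from the article or from Infracore), here is a Python validator that applies the highlights listed above together with the blocklist point made later in the post: a minimum length, a 64-character maximum, a blocklist of common passwords, allowance for spaces and any printable character, and no composition rules. The blocklist, username and site name are constructed sample values; the repetitive-character and context-word checks come from the text of SP 800-63B itself rather than from the post.

```python
import unicodedata

# Constructed sample blocklist standing in for a real corpus of breached and
# commonly used passwords; a production deployment would load a much larger list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 8   # SP 800-63B minimum for user-chosen memorized secrets
MAX_LENGTH = 64  # SP 800-63B says verifiers should permit at least 64 characters


def normalize(secret: str) -> str:
    """Apply Unicode NFKC (recommended by SP 800-63B) so visually identical
    inputs compare equal. Spaces and all printable characters pass through."""
    return unicodedata.normalize("NFKC", secret)


def check_password(secret: str, username: str = "", site: str = "") -> list[str]:
    """Return the list of reasons a candidate password is rejected.

    An empty list means the password is acceptable. Deliberately contains no
    uppercase/digit/symbol composition rules, per the new guidance.
    Blocklist and context matching are case-insensitive (a design choice here,
    not something the guideline mandates)."""
    s = normalize(secret)
    reasons = []
    if len(s) < MIN_LENGTH:
        reasons.append("too short")
    if len(s) > MAX_LENGTH:
        reasons.append("too long")
    lowered = s.lower()
    if lowered in COMMON_PASSWORDS:
        reasons.append("commonly used password")
    if len(set(s)) == 1:
        reasons.append("repetitive characters")
    for ctx in (username, site):
        if ctx and ctx.lower() in lowered:
            reasons.append("contains context-specific word")
    return reasons


if __name__ == "__main__":
    # A four-word passphrase with spaces is accepted; a dictionary word is not.
    print(check_password("correct horse battery staple"))  # []
    print(check_password("password"))  # ['commonly used password']
```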

[Image: NIST password cartoon]

As stated before, NIST is not a regulatory organization, but federal agencies and contractors use NIST’s information in order to set up secure computing environments in which to display, store, and share sensitive unclassified information.

In making these changes to password strategy, NIST is now recognizing what many industry professionals already knew: a password you can’t remember may be secure, but if it’s so complex that you have to rely on third-party software to use it, it isn’t really effective at mitigating risk. NIST now treats the passphrase strategy, along with two-factor authentication, as the go-to risk management approach. SMS-based two-factor authentication was not mentioned in the final report, but it has come under scrutiny because it has contributed to multiple hacks in recent times.

NIST also explicitly directs network administrators to forbid commonly used passwords, effectively creating a blacklist of passwords. The new guidelines also suggest that users shouldn’t rely on password hints or knowledge-based authentication, which remain common practice among banking and FinTech applications to this day. We’ll see whether these companies change their practices as the new NIST guidelines become best practices.

If you are looking for more information about best password practices and data security, the IT experts at Infracore LLC are here to help. Call us today at (858) 509-1970 to have your password strategy assessed by the professionals.

Comic by XKCD.
