A password policy designed for federal agencies must be secure, right? Surprisingly, that hasn’t been the case, according to the National Institute of Standards and Technology (NIST). The NIST created many of the password best practices you probably loathe — the combination of letters, numbers, and special characters — but it now says those guidelines were misguided and has changed its stance on the matter.
Find out why and how it involves you.
The problem
The issue isn’t necessarily that the NIST advised people to create passwords that are easy to crack, but that it steered people toward creating lazy passwords, using capitalization, special characters, and numbers in ways that are easy to predict, like “P@ssW0rd1.”
This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common cracking algorithms that try exactly these predictable substitutions.
Passwords — especially those not supported by two-step verification — are your. This guide will help you understand how those passwords are exposed, and what you can do to keep them locked down.
Common sense practices you should be following
• Don’t tell anyone your password.
• Depending on the sensitivity of the information being protected, change your passwords periodically, and avoid reusing a password for at least one year.
• Do use at least eight characters, including lowercase and uppercase letters, numbers, and symbols, in your password.
• Do keep passwords different for separate accounts.
Dennis O’Reilly suggests a system that lets you create complex passwords and still remember them.
For example, create a phrase like “I hope the Giants will win the World Series in 2016!” Then take the initials of each word, plus all numbers and symbols, to create your password. That phrase would result in this: IhtGwwtWSi2016!
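As an added example (not code from the original post), here is a small Python checker that applies the practices above and shows why a leet-speak dictionary word like “P@ssW0rd1” is predictable while the passphrase-initials password passes. The word list and substitution table are constructed for the demo; a real checker would load a large dictionary or breached-password list.

```python
"""Password-policy check: length, character classes, and predictable substitutions."""
from __future__ import annotations

import re
import string

# Constructed substitution table. Cracking tools simply undo these swaps
# before comparing a candidate against a word list, so they add no real strength.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Constructed mini dictionary for the demo; real checkers use millions of entries.
COMMON_WORDS = {"password", "welcome", "letmein", "giants", "summer", "admin"}


def normalize(pw: str) -> str:
    """Strip trailing digits/symbols, undo leet swaps, lower-case.

    "P@ssW0rd1" -> "password"
    """
    core = re.sub(r"[^A-Za-z]+$", "", pw)   # drop the trailing "1", "2016!", etc.
    return core.translate(LEET).lower()


def check_password(pw: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw)]
    if not all(classes):
        problems.append("missing lowercase, uppercase, digit or symbol")
    core = normalize(pw)
    if core in COMMON_WORDS:
        problems.append(f"predictable: it is just '{core}' with substitutions")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssW0rd1", "IhtGwwtWSi2016!", "G1ants!"):
        print(candidate, "->", check_password(candidate) or "OK")
```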
The next option is to use a password generator, which comes in the form of offline programs and websites. Many password managers, like LastPass or Dashlane, also have built-in password generator tools, but it’s better to create your own.
Simply put, passwords should be longer and include nonsensical phrases and English words that are almost impossible for an automated system to make sense of. Even better, you should enforce the following security solutions within your company:
• Single sign-on – allows users to securely access multiple accounts with one set of credentials
• Account monitoring tools – recognize suspicious activity and lock out hackers
When it comes to security, ignorance is the biggest threat. If you’d like to learn about what else you can do, just give us a call.