Think about all the passwords you use to log in throughout your day. You may type your first password before you even get out of bed, just to unlock your phone. Then, as you move around your home, drive to work, and perform your daily tasks, you log in again and again on all sorts of devices.
It's no wonder we try to make the process as pain-free as possible. Why not use 123456 to unlock your phone and [email protected] to log in to your favorite sites?
The National Institute of Standards and Technology (NIST) recognizes that people simplify password processes whenever they can, and issues guidance for security procedures that businesses can realistically live with. By following its updated password guidelines, you can improve your password security practices and reduce your exposure to risk. NIST's password recommendations include:
Increase password length
The longer a password is, the more difficult it is to crack. The most recent NIST guidelines state that passwords should be at least eight characters when chosen by the user, and at least six characters when generated by a machine.
Allow special characters
When a system only allows letters and/or numbers in a password, it narrows the space of possible passwords and makes them easier to guess. Allowing special characters, including emojis and spaces, widens that space and strengthens security considerably.
Allow copy and paste
When you create a complex password with lots of special characters, it is difficult to retype in the password field. Copy and paste was once considered a security risk, but now that passwords are longer and more random, it makes sense to let people paste them in. It also lets people use password managers, which create tougher passwords than they would pick themselves.
Remove password change requirements
Organizations often require employees to change their passwords regularly as a way of reducing risk. Studies show that this policy weakens security instead: when forced to change passwords frequently, employees pick passwords that are easier to remember across the changes. According to NIST, a better strategy is to create a strong password up front and keep it for as long as you need access to the device or system.
Screen out common passwords
Remember the passwords mentioned earlier, like 123456 and [email protected]? Rather than allowing employees to use these common passwords, the current practice is to screen each password choice against lists of commonly used passwords. Employees are not allowed to choose these common words and phrases and are prompted to pick again.
Limit login attempts
To protect against brute-force attacks, limiting the number of attempts allowed into a system can stop an attack in its tracks. This means capping the number of password guesses, or requiring another form of verification, such as a CAPTCHA, to weed out automated attempts.
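As an added example (not from the original article), here is a small Python implementation of the checks the sections above describe: a minimum length of eight characters for user-chosen and six for machine-generated passwords, counted in Unicode characters so emojis count once; acceptance of spaces and punctuation; screening against a common-password list; and a per-account attempt limiter. The sample blocklist, the 64-character maximum and the throttle values are assumptions made for the example.

```python
import unicodedata

# Constructed sample blocklist standing in for a real breached/common-password corpus.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "p@ssw0rd"}

MIN_USER_LENGTH = 8        # NIST SP 800-63B minimum for user-chosen passwords
MIN_GENERATED_LENGTH = 6   # minimum for passwords generated by the system
MAX_LENGTH = 64            # assumed upper bound; NIST asks verifiers to accept at least 64


def normalize(password: str) -> str:
    """NFKC-normalize so visually identical Unicode spellings compare equal."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str, machine_generated: bool = False) -> list[str]:
    """Return the policy failures for a candidate password; an empty list means accepted."""
    pw = normalize(password)
    minimum = MIN_GENERATED_LENGTH if machine_generated else MIN_USER_LENGTH
    failures = []
    # len() counts code points, so an emoji or accented letter counts as one character.
    if len(pw) < minimum:
        failures.append(f"too short: {len(pw)} < {minimum}")
    if len(pw) > MAX_LENGTH:
        failures.append(f"too long: {len(pw)} > {MAX_LENGTH}")
    # Spaces, punctuation and emojis are all accepted; only control characters are rejected.
    if any(unicodedata.category(ch) == "Cc" for ch in pw):
        failures.append("control characters are not allowed")
    # Screen against the common-password list (case-insensitive) instead of composition rules.
    if pw.lower() in COMMON_PASSWORDS:
        failures.append("password is on the common-password list")
    return failures


class LoginThrottle:
    """Per-account failed-attempt counter that blocks once the limit is hit inside the window."""

    def __init__(self, max_attempts: int = 5, window_seconds: int = 900):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._failures: dict[str, list[float]] = {}

    def is_allowed(self, username: str, now: float) -> bool:
        """Drop failures older than the window and allow if fewer than max_attempts remain."""
        recent = [t for t in self._failures.get(username, []) if now - t < self.window]
        self._failures[username] = recent
        return len(recent) < self.max_attempts

    def record_failure(self, username: str, now: float) -> None:
        self._failures.setdefault(username, []).append(now)
```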
Passwords are the front door to your security. If you haven't looked at your password procedures in a while, now may be the time.