So, while NIST advises businesses to institute eight-character minimums, using passphrases, which range from eight to 16 characters, is a much more effective way to keep your account safe. Generally speaking, the longer the password, the more secure. Unsure about what constitutes a strong password in 2023? Read on for some simple, fuss-free tips. This is consistent with NIST's latest guidelines, which tell companies that users should be able “to use ‘paste' functionality when entering a. In fact, letting users paste codes across platforms has actually been shown to improve security by reducing errors and making it easier for users to follow correct password hygiene. But as the UK's National Cyber Security Center found, it rarely poses a direct threat to companies. It's commonly understood to be antithetical to password security. This may sound counterintuitive, but according to the agency, it's the best way to combat password fatigueby keeping the quality of codes strong throughout your organization. What's more, requiring them to do so frequently results in the creation of unimaginative, hackable passwords.īecause of this, NIST warns businesses against making users reset passwords too frequently. No worker enjoys regularly updating their password. There are a number of different 2FA options to choose from, but using a separate authenticator device or U2F security key is by far the best way to keep accounts safe. This provides companies with an important extra layer of defense and makes it even harder for hackers to enter your system. While this is less of a password tip, the government agency advises businesses to use two-factor authentication alongside traditional codes. Use passwords alongside two-factor authentication They suggest that companies should make workers complete a CAPTCHA before re-attempting, to ensure that computers aren't trying to enter the account. NIST also recommends temporarily baring access to accounts for a certain period of time when users enter incorrect details - and locking them out altogether after 100 attempts. Lower the limit of “Failed Password” attempts
This way, guesswork can be eliminated, stress can be avoided, and your workforce will be more likely to use effective codes to safeguard their accounts. To avoid this issue, NIST tells businesses to let workers see what passwords they're typing. Not only does this make users more prone to being blocked out of their accounts, it also makes them less likely to create complex codes in the future. When employees type in long and complex passwords blindly, it makes typos and errors extremely common. Therefore, to make life harder for cybercriminals, and easier for you and your business, we recommend setting a character limit that ranges from 8-64. This is clear from Hive Systems research that found that passwords eight characters long are able to be hacked within eight hours by the average hacker, while shorter codes can be compromised within a few minutes. Set a password minimum of eight charactersĪccording to NIST, creating a longer password is more important than creating a complex one.
If you're responsible for setting the password policies for your organization, read on for six practices to bear in mind. To celebrate National Password Day 2023, we brushed up on the latest National Institute of Standards and Technology (NIST) guidelines and created a list of password tips for companies and workers to follow in 2023. Until they're phased out completely, maintaining good password hygiene is the only way your company can stay safe from rapidly evolving threats like keylogger programs and AI password crackers.Ĭreating a strong password isn't rocket science - but conflicting regulations have created a cloud of confusion around the topic making it hard for businesses to know which requirements to use across their systems. While tech-savvy solutions like passkeys and two-factor authentication (2FA) continue to be favored by companies like Google, Apple, and Microsoft, the humble password isn't dead yet.
0 kommentar(er)
