It’s time to rethink your password strategy

It’s time to rethink your password strategy

National Institute of Standards and Technology (NIST) stated that strong passwords should consist of upper- and lowercase letters, numbers, and symbols. In the new now the institute reversed its stance. Find out why and learn what their new recommendations are for rethinking your password strategy and let us find ways on creating strong passwords

HERE's THE PROBLEM

The predictability of People. NIST advisory is not the problem but the people are creating easy-to-crack passwords, the advisory  made people create weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

These passwords or password may seem secure, but the strings of characters and numbers could easily be read and attainable by the hackers using common algorithms.

In addition, the NIST recent recommendation that people change their passwords regularly, but did not specify the time basis and how to change them. Commonly to us the thought of passwords was already made us feel secure because they’ve included special characters in them.

The NIST has made us create passwords that are hard to remember but easy for a hacker’s algorithm to crack.

Leading the institution admitting that this causes more problems than solutions. A reversed ib its stance on organizational password management requirements and is now recommending banishing forced periodic password changes and getting rid of complexity requirements.

PASSWORD STRATEGY: The solution

A famous Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both of these security experts advise enterprises to implement multifactor authentication in login policies.

Simply this requires a user to present two valid credentials aside from a password to gain access to an account. This could be a code sent to the account owner’s smartphone, a login prompt on a mobile device, or a facial or a fingerprint scan. This way, hackers’ login efforts are futile unless they fulfill the succeeding security requirements.

A recommendation from Mitnick implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” A more difficult to guess and less prone to hacking. The frequency of changing passphrases, it will depend on a company’s risk tolerance.

Putting it in a new perspective the passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to crack.

New methods for security solutions :

  • Single sign-on – allows users to securely access multiple accounts with one set of credentials
  • Account monitoring tools – recognizes suspicious activity and locks out hackers

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.