Longer Passwords Are In, Frequent Changes Are Out

October is Cybersecurity Month, the perfect time for businesses to reassess their security practices, especially when it comes to passwords. The National Institute of Standards and Technology (NIST) recently updated its password guidelines, and these new recommendations mark a significant shift in how we think about passwords.

Goodbye, Complex Passwords: Hello, Longer Passphrases

In the past, NIST and other cybersecurity authorities recommended passwords that mixed upper- and lower-case letters, numbers, and special characters. However, this led to complex passwords users found difficult to remember. Users reacted by adopting the unsafe “password123!” or hiding sticky notes with their passwords written on them under keyboards. NIST’s new guidelines shift the focus to longer passphrases rather than complicated character combinations.

What does this mean?

  • Encourage longer passwords: NIST now suggests a minimum length of 8 characters for general users and 12-16 characters for system administrators.
  • Use passphrases: Instead of complex strings of characters, a long passphrase can be easier to remember and still provide strong security. For example, “OceanSunsetBreeze” can be easier to recall than “Xk9!s8zY”.

Longer passwords create a more robust barrier against brute-force attacks, because each additional character multiplies the number of guesses an attacker must try, and therefore the time it takes to crack the password. This shift means your employees can focus on creating passwords they’ll actually remember without sacrificing security.

No More Mandatory Password Changes—But Stay Vigilant

Another major change in NIST’s recommendations is the reduced emphasis on frequent password changes. Previously, many organizations required employees to change their passwords every 60-90 days, which often led to weak and predictable passwords. The updated guidelines now suggest mandatory password changes are only necessary if there is evidence of a security breach or if the password is known to have been compromised.

What does this mean?

  • Reduce password fatigue: Instead of forcing employees to update their passwords frequently, businesses can focus on monitoring for suspicious activity and only require password changes when necessary.
  • Maintain vigilance: This does not mean passwords can be left unchanged indefinitely. Businesses should remain alert to potential threats and encourage employees to change passwords if they suspect any compromise.

By eliminating unnecessary password resets, you can reduce the frustration and inconvenience for your team while still keeping your systems secure.
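The two policy changes above (length instead of composition rules, and resets driven by evidence of compromise rather than the calendar) can be expressed as a small acceptance check. This is an added illustration, not code from NIST or from Network 1; the minimum lengths come from the post, the 64-character upper bound and the tiny inline list of compromised passwords are constructed assumptions for the example.

```python
import hashlib
import unicodedata

# Minimum lengths as stated in the post: 8 for general users, 12 as the lower
# end of the 12-16 range for administrators.
MIN_LEN = {"general": 8, "admin": 12}
# Assumption for this example: accept long passphrases but cap at 64 characters
# so hashing cost stays bounded. The post does not specify an upper bound.
MAX_LEN = 64

# Constructed sample blocklist: SHA-1 digests of a few passwords known to be
# weak or widely leaked. A real deployment would load a breach corpus instead.
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password123!", "Password1", "qwerty123")
}


def normalize(candidate: str) -> str:
    """NFKC-normalize so visually identical input counts the same way."""
    return unicodedata.normalize("NFKC", candidate)


def check_password(candidate: str, role: str = "general") -> tuple[bool, str]:
    """Return (accepted, reason). No composition rules: only length and
    membership in the known-compromised list decide the outcome."""
    pw = normalize(candidate)
    min_len = MIN_LEN.get(role, MIN_LEN["general"])
    if len(pw) < min_len:
        return False, f"too short: {role} accounts need at least {min_len} characters"
    if len(pw) > MAX_LEN:
        return False, f"too long: maximum is {MAX_LEN} characters"
    if hashlib.sha1(pw.encode("utf-8")).hexdigest() in COMPROMISED_SHA1:
        return False, "appears on the known-compromised list; choose another"
    return True, "accepted"


def reset_required(compromise_evidence: bool, password_age_days: int) -> bool:
    """Under the updated guidance, age alone never forces a reset; only
    evidence that the password was exposed does."""
    del password_age_days  # deliberately ignored: no calendar-based expiry
    return compromise_evidence


if __name__ == "__main__":
    for pw, role in (("OceanSunsetBreeze", "general"), ("Xk9!s8zY", "admin"),
                     ("password123!", "general")):
        print(role, repr(pw), check_password(pw, role))
    print("reset after 180 days, no evidence:", reset_required(False, 180))
```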

Implementing These Changes in Your Business

For small and mid-sized businesses, adjusting your password policies to align with NIST’s new recommendations can improve security while also boosting productivity. Here’s how you can put these guidelines into action:

  • Educate your team: Make sure your employees understand the importance of creating long passphrases and the reasons behind the changes to password policies.
  • Use a password manager: Password managers can help employees generate and store longer passwords without the need to remember each one. This can further enhance your security.
  • Enable multi-factor authentication (MFA): Even with stronger passwords, MFA adds an additional layer of security, making it much harder for attackers to gain unauthorized access to your systems.

Strengthen Your Security During Cybersecurity Month

October is a great time to review your cybersecurity practices, and updating your password policies is a simple but effective way to enhance your defenses. By adopting NIST’s new recommendations, your business can reduce the risks associated with weak passwords and make life easier for your team.

As a managed services provider, we’re here to help you navigate these changes and implement best practices to keep your business safe. If you’d like to learn more about NIST’s new guidelines or discuss a comprehensive cybersecurity plan for your organization, don’t hesitate to contact us.

Richard Stokes: As the Director of Sales for Network 1, Richard identifies “future” clients that can benefit from the support of an experienced, outsourced IT team. He helps clients and prospects find technology solutions they need to achieve better productivity and efficiency so they can focus on making money and growing their businesses.

Network 1 designs, builds and supports the IT you need to run your business more securely, productively and successfully. Whether you want to outsource all of your IT needs to a reliable, responsive, service-oriented company, or need to supplement the work of your internal IT staff, we will carefully evaluate where you are now, discuss where you want to go and implement and support a plan to get you there with as little interruption as possible.
