Female Rep 3


 "Quality is Job One"

Have IT Questions?
Call us now (888) 894-6411


TWINTEL Solutions has been serving the Orange County, Los Angeles County, Riverside County, and San Diego County, areas. Since 2005, TWINTEL has provided IT Support such as technical help desk support, computer support, and overall IT consulting to small and medium-sized businesses.

Understanding the New NIST Guidelines for Password Security

Understanding the New NIST Guidelines for Password Security

The National Institute for Standards and Technology (NIST) has released Special Publication 800-63B, titled Digital Identity Guidelines. The document outlines major changes to the ways password security should be approached and leaves a lot of what network administrators and software developers have implemented recently to be wrong Today, we’ll take a look at the publication, and try to make sense of the sudden change of course.

NIST is a non-regulatory federal agency that works under the umbrella of the U.S. Department of Commerce. Its mission is to promote U.S. innovation and competitiveness by advancing a uniform measurement standard. Many NIST guidelines become the foundation for best practices in data security. As a result, any publication they produce having to do with cyber or network security should be considered.

A Look at SP 800-63B
The newest password guidelines are a swift about-face in strategy as compared to previous NIST suggestions. Instead of a strategy of ensuring that all passwords meet some type of arbitrary complexity requirements, the new strategy is to create passwords that are easier and more intuitive. Here are some of the highlights:

  • Passwords should be compared to dictionaries and commonly-used passwords
  • Eliminate or reduce complexity rules for passwords
  • All printable characters allowed, including spaces
  • Expiration of passwords no longer based on time password has been in use
  • Maximum length increased to 64 characters.

Basically, the new guidelines recommend longer passphrases to the complex passwords as they are hard for people to remember, and even with complexity rules in place, it was becoming increasingly easy for algorithms to crack passwords (seen in the comic strip below).

ib nist cartoon 1

As stated before, NIST is not a regulatory organization, but federal agencies and contractors use NIST’s information in order to set up secure computing environments in which to display, store, and share sensitive unclassified information.

In making these changes to password strategy, NIST is now considering the fact that many industry professionals knew: a password you can’t remember may be secure, but if it’s so secure that you have to rely on third-party software to utilize it, it’s not really that effective at mitigating risk. NIST now looks at the passphrase strategy, along with two-factor authentication as the go-to risk management strategy. SMS-based two-factor authentication was not mentioned in the final report but has come under scrutiny as it has contributed to multiple hacks in recent times.

The NIST also explicitly commands that network administrators be mindful to forbid commonly used passwords; effectively creating a blacklist of passwords. The new guidelines also suggest that users shouldn’t be using the password hints or knowledge-based authentication options; a common practice among banking and FinTech applications to this day. We’ll see if there is a strategic alteration in these companies’ practices as the new NIST guidelines become best practices.

If you are looking for more information about best password practices and data security, the IT experts at TWINTEL Solutions are here to help. Call us today at (888) 894-6411 to have your password strategy assessed by the professionals.

Comic by XKCD.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, July 21 2018
If you'd like to register, please fill in the username, password and name fields.

Mobile? Grab this Article!


Our 10 Benefits

Our 10 Benefits Whitepaper

This whitepaper will evaluate the differences between traditional technical support practices and modern managed IT practices and the pros and cons of both in regards to small and medium-sized businesses.

Download Now!   Need A Consultation?

Tag Cloud

Security Tip of the Week Best Practices Cloud Privacy Technology Business Computing Backup Hackers Network Security Malware Hosted Solutions Microsoft VoIP Google nonprofit Software bgc Mobile Devices roundup Disaster Recovery Managed IT Services Alert Email Business Data Business Continuity Outsourced IT Internet communications Windows 10 Smartphones Ransomware Innovation Saving Money Hardware Android Browser IT Services Cybercrime Server Computer Managed IT Services Computers Cloud Computing Efficiency Small Business Data Backup IT Support Tech Term Smartphone Business Management Productivity Internet of Things Office Windows BDR Save Money BYOD Passwords User Tips Mobile Device Management Data Recovery Money Quick Tips Social Engineering Telephone Systems Network Cybersecurity Recovery Managed IT Upgrade Mobility Vulnerability Work/Life Balance IT Support Hacking Collaboration Communication Productivity Virtualization Law Enforcement Phishing Artificial Intelligence Bring Your Own Device Flexibility Remote Monitoring Avoiding Downtime Health Budget Office 365 Social Media Applications Facebook Data Protection Private Cloud Holiday Bandwidth Router Office Tips Two-factor Authentication App Automation Wi-Fi Managed Service Provider Password How To Firewall VPN Chrome Microsoft Office Proactive IT Miscellaneous Data Breach Apps Operating System Black Market Identity Theft Value Connectivity Business Intelligence Workplace Tips Word Information Technology History Gadgets Windows 10 Mobile Device Data Security Safety Redundancy Compliance Google Drive HaaS Remote Computing Automobile Emergency Website Data Storage Computer Care Data Management Patch Management Paperless Office IT Management End of Support Samsung Battery HIPAA CES Scam IT Plan YouTube Content Management PDF Worker Credit Cards USB Solid State Drive Blockchain Legal Entertainment The Internet of Things Windows 7 SaaS Unsupported Software Workers Infrastructure Big Data Sports Physical Security Mobile Computing OneNote Comparison Risk Management Wireless Technology Servers Charger Business Owner Update Electronic Medical Records Data storage Document Management Government Computing Infrastructure Employer-Employee Relationship Keyboard Marketing Spam Blocking Save Time Content Filtering Spam Hiring/Firing Cleaning eWaste Apple Smart Office Internet Exlporer Telephone System Frequently Asked Questions webinar Practices Employer Employee Relationship Telecommuting Cables Skype Nanotechnology Public Cloud IBM Criminal Voice over Internet Protocol iPhone Excel Conferencing Hosted Computing Computer Accessories Remote Work Unified Communications Start Menu Smart Tech Supercomputer Going Green Multi-Factor Security Machine Learning Advertising Tip of the week Netflix Inventory Bluetooth Scalability Education Theft Hard Drives Tools Audit Current Events Transportation Trending HVAC Audiobook Windows Server 2008 Access Control Downtime Loyalty Reputation Cortana Relocation Devices Computer Fan Knowledge Benefits Lifestyle Files Networking Data Warehousing Authentication Rootkit Robot Instant Messaging Fraud Customers Users Google Apps Troubleshooting Mobile Humor Thought Leadership FENG Network Congestion Content Human Resources Smart Technology Laptop Best Practice Enterprise Content Management Amazon Regulations Training Search Virtual Reality Professional Services Twitter Software Tips Staff Two Factor Authentication Touchpad Password Management Amazon Web Services NarrowBand Vendor Management How to Assessment Worker Commute Password Manager Books Software as a Service Addiction IT Consultant Digital Signature Video Games User Error NIST Online Shopping Wireless Settings Television Business Mangement Hosted Solution Cache CrashOverride HBO Leadership Encryption Specifications Colocation Cryptocurrency Evernote Politics Flash Public Computer Gmail Techology WiFi Wireless Internet Screen Mirroring Meetings Safe Mode Outlook Accountants Millennials Monitor Shadow IT Wireless Charging Sync Unified Threat Management Recycling Google Docs Wire Cast Data loss Hacker Virtual Assistant Workforce Fiber-Optic Experience Chromecast Telephony Windows 10s Thank You Congratulations nonprofits