
3 Key Elements of the NIST Password Standards

There are a few key NIST password standards that companies should adhere to that will mitigate risk:

1. End the random algorithmic complexity.
The National Institute of Standards and Technology (NIST) now recommends that everyone use longer passwords or passphrases of 15 or more characters, without requiring uppercase, lowercase or special characters. The extra length of a passphrase makes it harder to crack while also making it easier for the user to remember. Enforcing unnecessary complexity rules that require a mix of special characters, numbers and upper-case letters is a practice that can be stopped. It has been shown to result in weak passwords, because many users simply substitute a number or symbol for a letter, and attackers already know the most common substitutions people use (for example, 1 replaces i or l; 0 replaces O, etc.).

2. Remove periodic password reset requirements.
This is one of the biggest frustrations for employees who are forced to change their password multiple times per year. Studies have shown that requiring frequent password changes is counterproductive to good password security, because people choose weaker or more common passwords when they are forced to change their password regularly.

3. Make screening of new passwords against lists of common or compromised passwords mandatory on a daily basis.
Password screening (also called password filtering or monitoring) is a critical step that organizations must build into their cybersecurity strategy. Otherwise, you run the risk of having a process in place that ensures new passwords are strong and unique, but never checks whether those passwords have already been compromised. Even a strong password is weak once it has leaked. You can't drive a car safely unless the brakes work every day, and the same applies to employee passwords: a password that passed screening when it was set can appear in a breach list later. We believe that ongoing screening of passwords against compromised lists should be mandatory.
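As an added illustration (not code from this post or from Lane Technology Solutions), the following checker combines the three points above: a 15-character floor with no composition rules, a common-password screen that folds the letter substitutions attackers expect, and an exact screen against a breach corpus done k-anonymity style, so only a five-character hash prefix would ever leave the client. The word lists, the folding table and the prefix length are assumptions made for the example.

```python
import hashlib
import unicodedata

MIN_LENGTH = 15  # passphrase floor the post recommends; no complexity rules

# Constructed stand-in lists (assumption: a real deployment loads a large
# corpus or queries a k-anonymity range API instead of these literals).
COMMON = {"password", "letmein123", "correct horse battery staple"}
BREACH_CORPUS = {"ilovemyfamilyforever", "passw0rd", "qwerty123456789!"}

# Fold the substitutions the post says attackers already expect (1 for i/l,
# 0 for O, @ for a, ...). l/1/i collapse to one letter, so the screen
# over-folds slightly and errs toward rejecting rather than accepting.
LEET = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(pw: str) -> str:
    """Case-fold, Unicode-normalize and undo common leet substitutions."""
    return unicodedata.normalize("NFKC", pw).lower().translate(LEET)


def build_range_index(corpus):
    """Server side of a k-anonymity lookup: SHA-1 suffixes keyed by the
    first five hex characters, so a client only reveals that prefix."""
    index = {}
    for pw in corpus:
        digest = hashlib.sha1(pw.encode()).hexdigest().upper()
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


RANGE_INDEX = build_range_index(BREACH_CORPUS)


def seen_in_breach(pw: str, index=RANGE_INDEX) -> bool:
    """Client side: compare the local suffix against the prefix's range."""
    digest = hashlib.sha1(pw.encode()).hexdigest().upper()
    return digest[5:] in index.get(digest[:5], set())


def check_password(pw: str) -> tuple:
    """Return (accepted, reason). Nothing here expires a password: rotation
    is triggered only by a screening hit, never by the calendar."""
    if len(pw) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    if normalize(pw) in {normalize(c) for c in COMMON}:
        return False, "matches a common password after substitution folding"
    if seen_in_breach(pw):
        return False, "exact match in breach corpus"
    return True, "accepted"
```

Because the breach check needs the plaintext, the ongoing screening the post calls for is done at each login, when the plaintext is briefly available, and a hit forces a change.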

Adopting these password requirements means password security no longer has to be the weak link in your business. If you want to future-proof your password policy against employee account takeover, contact Lane Technology Solutions to see how they can help you improve your cybersecurity.
