For years, we were told that a password had to be a complex blend of numbers, lower- and upper-case letters and special characters. They had to be changed frequently, too. Maybe even once a month. Turns out, all of that’s wrong — or, at least, obsolete. Welcome to our December Newsletter!
U.S. Government Updates Password Security Recommendations
Over the past few years, the National Institute of Standards and Technology (NIST) has been revising its guidelines for password security. The result has been a phasing out of “algorithmic complexity” in favor of a more “reasonable standard” of security.
What to Know About the Latest Password Guidelines
So, just what are the newest NIST password guidelines? How are they different from last year’s updates, exactly, and what’s the rationale for changing them? And what can IT departments do to comply?
Mandatory Password Updates ‘Obsolete,’ Says Microsoft
Consider Microsoft among those who agree with NIST’s new direction. The company recently called the practice of regular password updates “ancient and obsolete,” largely because it encourages habits that are easy to hack.
The Biggest Problems with Passwords Are…
Because password changes are required so frequently, people tend to use and re-use phrases for different systems and apps. And that’s just one of the factors that’s made the current system incredibly vulnerable to security breaches.
What Should Replace Password Expiration?
The online security community spent a large share of 2019 discussing — and mostly agreeing with — the idea of doing away with password expiration. Here are a few common-sense “basic rules” that people should embrace instead.
Why MFA Is More Essential Than Ever
As we move toward an environment of simpler, less frequently changed passwords, the use of multi-factor authentication (MFA) is becoming more important to ensure that your organization is not “wide open to attacks.”