For years, we were told that a password had to be a complex blend of numbers, lower- and upper-case letters and special characters. It had to be changed frequently, too. Maybe even once a month. Turns out, all of that’s wrong — or, at least, obsolete. Welcome to our December Newsletter!


U.S. Government Updates Password Security Recommendations

Over the past few years, the National Institute of Standards and Technology (NIST) has been revising its guidelines for password security. The result has been a phasing out of “algorithmic complexity” in favor of a more “reasonable standard” of security.

Read more at Alvaka >


What to Know About the Latest Password Guidelines

So, just what are the newest NIST password guidelines? How are they different from last year’s updates, exactly, and what’s the rationale for changing them? And what can IT departments do to comply?

Get answers from the JumpCloud blog >


Mandatory Password Updates ‘Obsolete,’ Says Microsoft

Consider Microsoft among those who agree with NIST’s new direction. The company recently called the practice of regular password updates “ancient and obsolete,” largely because it encourages habits that are easy to hack.

Read more at Ars Technica >


The Biggest Problems with Passwords Are…

Because password changes are required so frequently, people tend to use and re-use phrases for different systems and apps. And that’s just one of the factors that’s made the current system incredibly vulnerable to security breaches.

Security Boulevard has more details >


What Should Replace Password Expiration?

The online security community spent a large share of 2019 discussing — and mostly agreeing with — the idea of doing away with password expiration. Here are a few common-sense “basic rules” that people should embrace instead.

Full story at TechCrunch >


Why MFA is More Essential Than Ever

As we move toward an environment of simpler, less frequently changed passwords, the use of multi-factor authentication (MFA) is becoming more important to ensure that your organization is not “wide open to attacks.”

Read more at CPO Magazine >

Are you prepared to comply with new data regulations?

Request a free 15-minute consult to learn how Omnistruct can help you understand your organization’s vulnerabilities, evaluate your risk, and measure key cyber KPIs to achieve and improve continuous cyber compliance.

Book a Free Consult