Password Recommendations Have Changed

In 2020 and 2021, the National Institute of Standards and Technology (NIST) released updated guidance for passwords. Some of these changes reverse previous password best practices. Many compliance standards, like HIPAA, use NIST to guide requirements. When NIST changes, businesses should take note!

Updated Password Guidelines

The complete guidelines can be found here, but these are the highlights that have the greatest impact or that differ from previous password best practices.

  • Use a Password Manager – Password managers create and store strong, unique passwords for every account. A company password manager gives IT the ability to monitor passwords across the organization for compliance.
  • Enable Multifactor Authentication – MFA protects against compromised passwords by requiring the user to verify the login attempt using more than just usernames and passwords. Most commonly, this is through an MFA app or text message.
  • Don’t Require Frequent Password Resets – It’s counterintuitive, but more frequent password resets are actually a vulnerability. 90-day resets cause users to develop patterns that hackers can easily guess. Password resets should only occur annually.
  • Focus on Length Over Complexity – Complex passwords requiring multiple character types are harder to remember. Again, this causes users to develop patterns that hackers can crack. Requiring longer passwords rather than more complex passwords is recommended. However, password managers give you both!

Before changing password requirements, verify you will be in compliance with all applicable standards. And if you need help implementing these guidelines, give us a call!

What About XDR?

Passwords are just one aspect of cybersecurity. Organizations also need tools to detect and respond to threats. XDR is gaining traction as the tool of choice.

Our new lunch and learn, “What is XDR and Why Do I Need It?”, is a comprehensive overview of the technology and how it can be used. The webinar is designed for IT pros and IT decision makers.

And thanks to Trend Micro, all attendees will receive a $20 Grubhub gift card for lunch after the presentation. Register today!

Date: Thurs. June 2nd

Time: 11am – 12pm

Location: Virtual Webinar

Topics Covered:

  • Antivirus vs. EDR vs. XDR
  • XDR Use Cases
  • Why Cyber Insurance Carriers are Requiring XDR
  • Benefits and Limitations
  • How to Implement XDR
  • & More!

Your Technology Partner,

The LeeShanok Team

Phoenix:  602-277-5757         Tucson:   520-888-9122         ITNews@leeshanok.com

Newsletter Repository:   https://www.leeshanok.com/leeshanok-news

Copyright © 2022 leeshanok.com