In 2020 and 2021, the National Institute of Standards and Technology (NIST) released updated guidance for passwords. Some of these changes reverse previous password best practices. Many compliance standards, like HIPAA, use NIST to guide requirements. When NIST changes, businesses should take note!
Updated Password Guidelines
The complete guidelines can be found here, but these are the highlights that have the greatest impact or that differ from previous password best practices.
- Use a Password Manager – Password managers create and store strong, unique passwords for every account. A company password manager gives IT the ability to monitor passwords across the organization for compliance.
- Enable Multifactor Authentication – MFA protects against compromised passwords by requiring the user to verify the login attempt using more than just usernames and passwords. Most commonly, this is through an MFA app or text message.
- Don’t Require Frequent Password Resets – It’s counterintuitive, but more frequent password resets are actually a vulnerability. 90-day resets cause users to develop patterns that hackers can easily guess. Password resets should only occur annually.
- Focus on Length Over Complexity – Complex passwords requiring multiple character types are harder to remember. Again, this causes users to develop patterns that hackers can crack. Requiring longer passwords rather than more complex passwords is recommended. However, password managers give you both!
Before changing password requirements, verify you will be in compliance with all applicable standards. And if you need help implementing these guidelines, give us a call!
What About XDR?
Passwords are just one aspect of cybersecurity. Organizations also need tools to detect and respond to threats. XDR is gaining traction as the tool of choice.
Our new lunch and learn, "What is XDR and Why Do I Need It," is a comprehensive overview of the technology and how it can be used. The webinar is designed for IT pros and IT decision makers.
And thanks to Trend Micro, all attendees will receive a $20 Grubhub gift card for lunch after the presentation. Register today!
Date: Thurs. June 2nd
Time: 11am – 12pm
Location: Virtual Webinar
- Antivirus vs. EDR vs. XDR
- XDR Use Cases
- Why Cyber Insurance Carriers are Requiring XDR
- Benefits and Limitations
- How to Implement XDR
- & More!
Your Technology Partner,
The LeeShanok Team
Phoenix: 602-277-5757 Tucson: 520-888-9122 ITNews@leeshanok.com
Newsletter Repository: https://www.leeshanok.com/leeshanok-news