Passwords – New Simplified Rules


Small business and IT executives should update their password methodologies to incorporate the latest NIST thinking.


The National Institute of Standards and Technology’s (NIST) thorough rewrite of password standards turns some basic rules upside down.

Since 2003 users have had to memorize strange combinations of letters, numbers and special characters that were supposed to be changed periodically. The new standards revoke all that and suggest the use of long, easy-to-remember phrases with no forced change interval. For most companies and users the new standards should be adopted as soon as possible.

The conventions we currently use for passwords were created in 2003 by a mid-level manager at NIST and were first published in an eight-page primer called “NIST Special Publication 800-63, Appendix A”.

This document has been accepted as gospel around the world for the correct way to address password creation, naming conventions, and change frequency. No matter what the variant is today that your firm works with, odds are it is a derivative of the original guidelines. Unfortunately, the author of the guidelines had no empirical data to work with – no one would share their password information.

Go figure.

So he created the standards based on a whitepaper written in the mid-1980s when computer access and passwords were limited to the few technically savvy individuals in academia, big business, and government.

In June of this year the Special Publication got a total rewrite, discarding key commandments that audit and security personnel take as an article of faith. The good news is that the new rules are easier to live with than the original set. The new Digital Identity Guidelines can be found at https://pages.nist.gov/800-63-3/sp800-63-3.html.

What Are the Key Changes?

There are two key changes to the rules: hard-to-remember alphanumeric combinations with (or without) special characters have been replaced by long, easy-to-remember phrases, and the advice to expire passwords periodically has been dropped.

According to academics who study passwords, a series of four words can be harder to break than a shorter, meaningless jumble of characters. To that point, cartoonist Randall Munroe calculated that it would take 550 years to crack the password “correct horse battery staple”, whereas the password Tr0ub4dor&3 could be cracked in 3 days.

Computer security specialists have verified his calculations (please see the cartoon on the next page).
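As an added illustration (not part of the original article), the following Python reproduces the comparison above and applies the new verifier rules. It assumes the comic's model: words drawn from a 2048-word list (11 bits each), an attacker making 1000 guesses per second, and the comic's own 28-bit tally for Tr0ub4dor&3; the blocklist is a constructed sample.

```python
import math

# Assumptions, not from the article: a 2048-word list (11 bits per word) and
# 1000 guesses per second, as in the comic. The 28-bit figure for
# "Tr0ub4dor&3" is the comic's own tally of a common word plus predictable
# substitutions, capitalization, a digit and a symbol; it is taken as given.
WORDLIST_SIZE = 2048
GUESSES_PER_SECOND = 1000
SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY
MAX_LENGTH = 64  # SP 800-63B: verifiers should accept at least 64 characters

# Constructed sample blocklist; a deployment would use a large breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "trustno1"}


def passphrase_entropy_bits(num_words, wordlist_size=WORDLIST_SIZE):
    """Entropy of a passphrase whose words are drawn uniformly at random from the list."""
    return num_words * math.log2(wordlist_size)


def seconds_to_crack(entropy_bits, guesses_per_second=GUESSES_PER_SECOND):
    """Worst-case time to exhaust a keyspace of 2**entropy_bits at the given guess rate."""
    return 2 ** entropy_bits / guesses_per_second


def crack_time_days(entropy_bits):
    return seconds_to_crack(entropy_bits) / SECONDS_PER_DAY


def crack_time_years(entropy_bits):
    return seconds_to_crack(entropy_bits) / SECONDS_PER_YEAR


def check_memorized_secret(secret, blocklist=COMMON_PASSWORDS):
    """SP 800-63B verifier rules: at least 8 characters, long values accepted,
    no composition rules, no expiry, reject common or breached values."""
    if len(secret) < 8:
        return False, "shorter than 8 characters"
    if len(secret) > MAX_LENGTH:
        return False, f"longer than this verifier's cap of {MAX_LENGTH} characters"
    if secret.lower() in blocklist:
        return False, "found on the common-password blocklist"
    return True, "accepted"  # a plain lowercase phrase with spaces is fine


if __name__ == "__main__":
    bits = passphrase_entropy_bits(4)  # "correct horse battery staple"
    print(f"4 random words: {bits:.0f} bits, ~{crack_time_years(bits):.0f} years")
    print(f"Tr0ub4dor&3: 28 bits, ~{crack_time_days(28):.1f} days")
    print(check_memorized_secret("correct horse battery staple"))
    print(check_memorized_secret("trustno1"))  # 8 characters, but on the blocklist
```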
