Training Page 9-13


NIST Guidelines

The National Institute of Standards and Technology (NIST) is in the process of finalizing Special Publication 800-63-3: Digital Identity Guidelines, which provides new guidance revising its long-standing best practices for system password characteristics.

New Best Practices

Instead of requiring frequent password changes and complexity rules (such as symbols and mixed case), as the established guidelines have suggested for years, the new framework recommends creating passwords that:

Use a long string of random words that can be remembered by the user
Exclude repetitive or sequential characters and numbers
Are screened against a list of commonly used or compromised passwords
Aren’t changed, except in the event of a system breach or cyber incident

The new guidance also suggests dropping the practice of password hints triggered by questions that ask the user for specific types of personal information, such as: What was the name of your elementary school?
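One way to apply the screening rules listed above when a user sets a password, as an added example that is not code from NIST or from this page. The 8-character minimum, the run-length thresholds, the constructed sample blocklist and all function names are assumptions; in line with the guidance, there are no symbol or mixed-case rules and no expiry check.

```python
import unicodedata
from itertools import groupby

# Constructed sample blocklist; a deployment would load a large breached-password corpus.
SAMPLE_BLOCKLIST = {"password", "123456", "qwerty", "letmein", "football"}

MIN_LENGTH = 8      # assumption: minimum length is not stated on this page
REPEAT_LIMIT = 3    # assumption: runs of 3+ identical characters are rejected
SEQUENCE_LIMIT = 4  # assumption: runs of 4+ ascending/descending characters are rejected


def longest_repeat(text):
    """Length of the longest run of one repeated character."""
    return max((len(list(group)) for _, group in groupby(text)), default=0)


def longest_sequence(text):
    """Length of the longest run stepping by +1 or -1 in code point."""
    best = 1 if text else 0
    run, direction = 1, 0
    for a, b in zip(text, text[1:]):
        step = ord(b) - ord(a)
        if step in (1, -1):
            # Extend the run only if it keeps going in the same direction.
            run = run + 1 if step == direction else 2
            direction = step
        else:
            run, direction = 1, 0
        best = max(best, run)
    return best


def check_password(candidate, blocklist=SAMPLE_BLOCKLIST):
    """Return a list of rejection reasons; an empty list means accepted."""
    normalized = unicodedata.normalize("NFKC", candidate)
    folded = normalized.casefold()  # compare case-insensitively
    reasons = []
    if len(normalized) < MIN_LENGTH:
        reasons.append("too short")
    if longest_repeat(folded) >= REPEAT_LIMIT:
        reasons.append("repetitive characters")
    if longest_sequence(folded) >= SEQUENCE_LIMIT:
        reasons.append("sequential characters")
    if folded in blocklist:  # exact match after case folding
        reasons.append("on blocklist")
    return reasons
```

Returning every reason at once, rather than stopping at the first, lets the sign-up form tell the user exactly what to change in a single round trip.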

Reasoning

The previously established password security guidelines set by NIST have unintentionally resulted in insecure password practices. Because they needed to regularly generate new, complex passwords, users have tended to create common, easily remembered, and easily guessed passwords instead.

The idea behind the new guidance is to reduce this practice and make it easier for end users to create and maintain fewer and more secure passwords.

Next Steps
While the new changes to password security practices will likely help reduce the number of easily preventable security breaches, it’s important to remember that even the most secure passwords can become compromised. Cyber attackers can still get around strong passwords through the use of phishing attacks, phone-based impersonations, and other social engineering techniques—all of which require vigilance and strong internal controls to deter.
