Your password may not be secure — update it now

10 Sep 2021

blog

The National Institute of Standards and Technology (NIST) once said that a good password consisted of three things: upper- and lowercase letters, numbers, and symbols. However, the NIST has now reversed its stance on good passwords. Here’s why and what they are now recommending.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people generate weak passwords using predictable capitalization, special characters, and numbers, like “[email protected]

Such a password may seem secure, but the string of characters it’s made up of could easily be compromised by hackers using common algorithms.

Furthermore, while the NIST also recommended that people change their passwords regularly, they did not specify how and when to change them. Without proper guidance, many people assumed that this meant adding or changing one or two characters every year or so.
The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that their recommendation creates more problems than it solves. The NIST has then reversed its stance on organizational password management requirements, and is recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication (MFA) in login policies.

MFA requires a user to enter one or more valid credentials aside from a password to gain access to an account. This could be a physical security key, a login prompt on a mobile device, or a facial or a fingerprint scan. Without the additional security requirements, hackers’ attempts to crack passwords would be futile.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. Simply put, passwords should be longer and include nonsensical phrases and words that make them almost impossible for an automated system to crack.

What’s more, the NIST recommends making screening of new passwords against lists of common or compromised passwords mandatory. This is because a complex, 25-character password is already considered weak the moment it has been compromised.

Finally, you should also enforce the following security solutions within your company:

  • Single sign-on – allows users to securely access multiple accounts with one set of credentials
  • Account monitoring tools – recognizes suspicious activity and locks out hackers from the network OR keeps hackers from accessing the network.

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.

CONTACT US TODAY

Swift Chip provides managed IT and cybersecurity services for a wide variety of companies in fields with stringent privacy and compliance requirements.

Contact Us

Contact Info

LOS ANGELES

10100 Venice Blvd, Culver City, CA 90232, United States

[email protected] 310-881-8770
Swift Chip, Inc.
5.0
Based on 9 reviews
powered by Google
Adrianna SmithAdrianna Smith
01:52 27 May 22
The team at Swift Chip is responsive, knowledgeable, and super kind! Anytime I have an issue, they are quick to contact me back. Technology issues can be very overwhelming for a business owner, so having them on my team is super helpful to keeping my business operating smoothly!
Gary RotkopGary Rotkop
19:50 08 May 20
Very knowledgeable and professional staff that responded quickly, understood what I needed and resolved the issue economically. I had a very specific technical issue with an integration. Although AJ did not have specific knowledge of this very esoteric software, he managed to figure it out within minutes as we were discussing the problem. Very impressed. Thanks Swift Chip.
Udi BarkaiUdi Barkai
14:38 12 Oct 18
We have been working with SwiftChip for the last four years and have exceptional experience with these guys. In particular we would like to mention their extensive knowledge and outstanding customer service.
Keith R. SpragueKeith R. Sprague
10:46 22 Apr 16
Ken and his staff are great. They are very knowledgeable and always seem to have the answer. Highly Recommend...
Van HaasVan Haas
16:27 21 Oct 15
Ken May and his team at Swift Chip has always done a great job for me and the clients I refer. They are on the ball and are usually flexible with their schedule. They know their stuff and get it done right!
Tina Reed JohnsonTina Reed Johnson
16:46 25 Oct 12
Ken May is a very personable and responsive business owner, who is always ready to assist with computer and mobile issues. Swift Chip has the knowledge and know-how to get the job done, no matter how big or small.
Ken HowerKen Hower
14:03 09 Nov 11
Swift Chip worked on my wife's laptop and made it run better than ever...better than new! Pricing was more than reasonable...Call Ken May at Swift Chip...he's the man!!!

VENTURA

2140 Eastman Ave, #104 Ventura, CA 93003, United States

[email protected] 805-318-8770
Swift Chip, Inc.
5.0
Based on 7 reviews
powered by Google
Robert BrothersRobert Brothers
22:11 24 May 22
Best IT company I've worked with in the last 20 years. Highly recommended!
Kate BernabeKate Bernabe
00:52 16 Nov 21
Jim DeArklandJim DeArkland
22:34 20 Jun 21
always a positive experience!
Tiara PalazuelosTiara Palazuelos
15:11 18 Sep 20
They respond very quickly an are very professional! I'm very happy with the IT services they've provided!
Eric AndersonEric Anderson
17:25 06 May 19