Every week, MyTek provides local companies with technology solutions. The topic for this week is passwords. Passwords are usually a big source of frustration for organizations, but certain sectors place more emphasis on them than others. Government-based companies, in particular, must be prepared to retain more secure passwords. While we recognize that not all companies are government-related, there is a lot to be learned about good password procedures from which we can all benefit.
Best Practices to Safeguard Data in Rapidly Changing Times
The National Institute of Standards and Technology (NIST) in the United States has published new password guidelines and standards for government personnel, and everyone, including businesses, can benefit from at least considering the advice. Some of these may sound strange in comparison to what most professionals say regarding passwords, but stick with us. MyTek’s Tip of the Week is a fantastic way to stay up to speed on the latest in technology and business news. Keep in mind that these best practices are very new and may not be supported by all websites or login accounts. Here are a few examples:
- Passwords should be user-friendly: Above all, passwords should be user-friendly and shift the burden onto the verifier wherever feasible, according to NIST rules. NakedSecurity mentions that imposing best practices on users isn’t necessarily effective: ‘Much study has gone into the efficacy of many of our so-called “best practices,” and it turns out they don’t help enough to justify the pain they create.’ As a part of the technology solutions we provide to our clients, MyTek can assist your organization with best practices. After all, your security rules are only as good as their implementation.
- Use at least 8 characters: According to the new NIST recommendations, all passwords should contain at least eight characters. Spaces, ASCII characters, and even emojis are all acceptable in a password. In addition, the maximum number of characters is said to be 64.
- Make sure you’re not using a password that’s too long or too short: NIST advises users to avoid passwords that are well-known or popular, such as “password,” “this is a password,” and so on.
Choose Wisely: What needs to be done, and what should not
- The rules for composition aren’t great: Stop telling your staff what passwords they should use. Instead, urge people to choose passwords that are both lengthy and alphanumeric.
- Get rid of password hints: You might not be familiar with this one. Password hints should be removed, according to NIST, since anybody attempting to break into an account can use their knowledge of the target to circumvent this barrier and change a password (or find out the current one). Knowledge-based authentication that relies on questions about the user’s personal life has the same weakness. Also, remember that using the same password for many accounts is a no-no – just one of the real-life technology solutions that may have a significant influence on your day-to-day company data security.
- Passwords will no longer expire: This relates to the previous point about passwords being “user-friendly.” Passwords should only be reset if they have been forgotten, phished, or stolen.
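The length, character and well-known-password rules above can be enforced on the verifier side with a short check. This is an added example, not MyTek's or NIST's code; the function names, the tiny sample blocklist and the NFKC normalization step are assumptions made for illustration.

```python
import unicodedata

MIN_LEN = 8    # minimum length stated in the list above
MAX_LEN = 64   # maximum length stated in the list above

# Constructed sample blocklist (assumption); a real deployment would load
# a large list of common and breached passwords instead.
BLOCKLIST = {"password", "this is a password", "12345678", "qwertyuiop"}


def normalize(candidate: str) -> str:
    """NFKC-normalize so look-alike Unicode forms compare equal (assumption)."""
    return unicodedata.normalize("NFKC", candidate)


def check_password(candidate: str, blocklist=BLOCKLIST) -> list:
    """Return a list of rejection reasons; an empty list means accepted."""
    pw = normalize(candidate)
    problems = []
    # len() counts Unicode code points, so a space or a single-code-point
    # emoji counts as one character, the same as an ASCII letter.
    length = len(pw)
    if length < MIN_LEN:
        problems.append(f"too short: {length} < {MIN_LEN}")
    if length > MAX_LEN:
        problems.append(f"too long: {length} > {MAX_LEN}")
    # The blocklist comparison ignores case and surrounding whitespace.
    if pw.strip().casefold() in blocklist:
        problems.append("on the list of well-known passwords")
    # Deliberately no composition rules (no forced digits or symbols).
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["short", "Password", "mountain river lamp",
               "\U0001F511" * 8, "a" * 65]
    for sample in samples:
        print(repr(sample), "->", check_password(sample) or "accepted")
```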
The security of your business data is critical to safeguard your company’s most valuable assets. Overall, NIST aims to make it easier for users to remember passwords while maintaining a high degree of security. How do you feel about some of these new standards? Let us know your opinions in the comments section.
Also, make sure you’re working with a professional to ensure your company’s security. MyTek is one of the most highly regarded Phoenix IT businesses, with an AAA+ rating from the Better Business Bureau and an overall service grade of A from all of our clients. For your IT security needs call MyTek at 623-312-2440.