NIST Releases New Password Rules: What Does It Mean for You?

Editor’s note: In recognition of National Cybersecurity Awareness Month this October, we are publishing a series of blog posts dedicated to educating and informing you about cybersecurity practices. This is the seventh in a series of posts. Below, you can find a list of links to the rest of the series:


The National Institute of Standards and Technology (NIST) recently proposed new password guidelines, in the public draft of the fourth revision of Special Publication 800-63B (Digital Identity Guidelines), that validate what many managed service providers have been recommending for years.

The goal is to retire rules that look like they improve security on paper but in practice push people toward predictable, weaker password patterns.

What are the Updated Password Guidelines?

For the full set of NIST’s recommendations for online service providers, see NIST Special Publication 800-63B. Here are our key takeaways:

  • Don’t make symbols, numbers and uppercase letters mandatory: Stop forcing users to satisfy arbitrary composition rules. Any printable character, including spaces and non-English letters, should be accepted.
  • No periodic password changes: Don’t force password changes every 30, 60 or 90 days. Require a change only when there is evidence the password has been compromised.
  • Longer passwords: Require at least 15 characters (NIST’s hard floor is 8; 15 is the recommended minimum) and allow at least 64 so that passphrases fit.
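The three takeaways above describe what a service should enforce when a user picks a password. The following is an added example (our own illustration, not code from the original post and not NIST’s own implementation) of a verifier-side check that applies those rules: a 15-character floor, a 64-character ceiling, no composition rules, and a check against a blocklist of compromised or commonly used passwords, which SP 800-63B also requires. The `BLOCKLIST` set is a constructed sample standing in for a real breach corpus, and the `context_words` parameter is our name for the username/service-name screening the standard describes.

```python
"""Verifier-side password acceptance check in the spirit of NIST SP 800-63B.

Added example; not code from the original post and not NIST's own
implementation. Periodic expiry is deliberately absent: rotation is
triggered by evidence of compromise, not by the calendar.
"""
import unicodedata
from typing import Iterable, NamedTuple

MIN_LENGTH = 15  # SP 800-63B: verifiers SHALL require 8, SHOULD require 15
MAX_LENGTH = 64  # SP 800-63B: verifiers SHOULD permit at least 64

# Constructed sample blocklist; a real deployment loads a breach/common-password corpus.
BLOCKLIST = {
    "password", "p@$$w0rd2024", "qwerty123456789", "welcome123456789",
    "correct horse battery staple", "letmeinletmein!!",
}


class Verdict(NamedTuple):
    ok: bool
    reason: str


def normalize(password: str) -> str:
    """NFKC-normalise so visually identical Unicode inputs compare (and hash) identically."""
    return unicodedata.normalize("NFKC", password)


def check_password(candidate: str, context_words: Iterable[str] = ()) -> Verdict:
    """Decide whether a user-chosen password is acceptable and say why not if it isn't.

    Nothing here demands upper case, digits or symbols: a long all-lowercase
    sentence with spaces passes, exactly as the guideline intends.
    """
    pw = normalize(candidate)
    length = len(pw)  # count code points, not bytes, so non-ASCII users are not penalised
    if length < MIN_LENGTH:
        return Verdict(False, f"too short: {length} characters, need {MIN_LENGTH}")
    if length > MAX_LENGTH:
        return Verdict(False, f"too long: {length} characters, limit {MAX_LENGTH}")

    folded = pw.casefold()
    if folded in BLOCKLIST:
        return Verdict(False, "found on the compromised/common password list")

    # Context-specific words (username, service name) are called out by SP 800-63B too.
    for word in context_words:
        if word.casefold() in folded:
            return Verdict(False, f"contains context-specific word {word!r}")

    return Verdict(True, "accepted")


if __name__ == "__main__":
    for sample in ("GreenPhoneTurkeyDrive", "P@$$W0rD2024", "Correct Horse Battery Staple",
                   "all lower case and spaces are fine"):
        print(f"{sample!r}: {check_password(sample)}")
```

Note that the blocklist lookup is on the case-folded, normalised string; a real implementation would hash the candidate and query a large corpus (or a k-anonymity range API) rather than keep the list in memory, but the acceptance logic is the same.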

Why Does This Matter?

For the longest time, complexity has been at the root of selecting secure passwords. The theory is that requiring at least one lowercase letter, one uppercase letter, a number and a symbol enlarges the space a cracking program has to search. In practice, people satisfy those rules in a handful of predictable ways (a capital first letter, a digit or “!” at the end, “a” swapped for “@”), and cracking tools model exactly those habits.

But when people are forced to abide by these rules and then forced to change that password regularly, they tend to create patterns that seem secure and unique on paper but aren’t.

How many times have you been forced to change your password only to add one number, one symbol, the month or the year at the end of your original password? Cracking tools encode these habits as mangling rules, so the new variant is no harder to guess than the original, and your accounts are no more secure.

Instead, you should try to create longer passwords (or passphrases) that are easier to remember and satisfy the 15-character or higher recommendation. A passphrase like “GreenPhoneTurkeyDrive” is much stronger than “P@$$W0rD2024,” easier to remember and doesn’t fall into a pattern that can be easily guessed. The caveat is that the words have to be chosen at random; a song lyric, a well-known quote or your pet’s name followed by your street is a dictionary phrase, and dictionary phrases are in the cracking wordlists too.

The point is to stop relying on complexity and start focusing on length and uniqueness.

What Should You Do Now?

While these guidelines are meant for online service providers and not designed to tell you how to create passwords, there are some takeaways you can implement into your password habits.

  • Create long passwords: Avoid short, weak passwords and strive for at least 15 characters. Consider passphrases that are easier to remember, built from words picked at random rather than a familiar phrase.
  • Stop changing passwords unless you have to: Change a password when you have reason to believe it has been exposed, for example a breach notification or a phishing page you typed it into. As noted, changing your password on a schedule usually leads to weak, predictable patterns anyway.
  • Use a password manager: If you’ve got too many passwords to remember, try a password manager. There are free versions of LastPass, Bitwarden, KeePass and Dashlane that can generate a unique random password for every site and store them safely, so one site’s breach doesn’t expose the others. Protect the manager itself with a long passphrase and multi-factor authentication, since it becomes the one password that matters.

Keep Your Organization’s Data Secure

Need help improving your password security or finding the right tools for your business? Contact us here to see how we can help keep your business running smoothly while increasing productivity, security and profitability.