Update your passwords now! If you’re like most people, you probably have passwords that are easy to remember or use the same one for multiple accounts. But by doing either of these, you could be putting yourself at risk to cyberattacks. To ensure the security of your online accounts, follow the latest password guidelines from the National Institute of Standards and Technology (NIST), which we’ve outlined for you in this blog.
The previous NIST guidelines on password creation followed a conventional approach to password security. The guidelines recommended regular password resets and the use of long, complex passwords (i.e., required minimum number of characters, use of special characters and numbers, etc.).
But these guidelines unintentionally led to people making weakening passwords using predictable capitalization, special characters, and numbers. And though users changed passwords on a regular basis, many assumed that they could simply add or change one or two characters in their password. These practices proved to be ineffective and resulted in the creation of passwords that hackers could easily crack via brute force.
NIST eventually admitted that their initial recommendations only caused more difficulties than it resolved. In 2020, the organization updated its guidelines.
Among the most notable changes are:
The implementation of multifactor authentication (MFA) is encouraged. MFA has many advantages, which is why most cybersecurity experts advise businesses to adopt it in their login policies. By requiring multiple sources of authentication, MFA helps prevent unauthorized access to sensitive information and systems.
Other password security solutions to consider
Lastly, you should implement the following security solutions throughout your company:
Updating your passwords may seem like a hassle, but it is one of the most important things you can do to boost your cybersecurity. By following the updated guidelines and making sure your passwords are secure, you can help protect yourself and your business from identity theft and other cyberthreats.