The new guidelines from NIST signal a progressive shift in password management for organizations. Composition rules that require special characters are being phased out in favor of longer passwords, which are deemed more secure. A minimum length of 15 characters is recommended for critical accounts, while 8 characters is acceptable in multi-factor setups. This approach aims to reduce the predictability of passwords, which often leads to security breaches.
Additionally, NIST advises against scheduled password resets, allowing changes only when a password has been compromised. Traditional methods like security questions are also being replaced by more robust recovery methods such as password recovery links and authentication codes. The emphasis is on creating more secure, pragmatic practices, including a password "blocklist" that prevents the use of commonly compromised passwords. These updates are particularly vital for small businesses, which remain vulnerable to credential abuse and other cyber threats.
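The rules summarized above (length instead of character-class requirements, a lower minimum when a second factor is enforced, and a blocklist of compromised values) map directly onto a password-acceptance check. The following is an added illustration written for this page, not code from NIST or from the Malwarebytes article; the sample blocklist is constructed and would be replaced by a full breached-password list in a real deployment.

```python
"""Password acceptance check modelled on the NIST-style rules summarized above.

Added illustration (not NIST's or the article's code). Rules encoded:
  * length is the only requirement: no mandatory digits, symbols or case mix
  * 15 characters minimum for accounts without a second factor ("critical"),
    8 characters when multi-factor authentication is enforced
  * reject anything found on a blocklist of compromised or common passwords
  * a change is required only when the password is known to be compromised,
    never because of its age
"""

import unicodedata
from dataclasses import dataclass

# Constructed sample blocklist (lower-case entries). A deployment would load
# a large list of breached / commonly chosen passwords here instead.
BLOCKLIST = {
    "password", "password123", "qwerty", "letmein",
    "welcome1", "123456789012345",
}

MIN_LEN_MFA = 8             # minimum when a second factor is enforced
MIN_LEN_SINGLE_FACTOR = 15  # minimum for password-only ("critical") accounts


@dataclass(frozen=True)
class Verdict:
    accepted: bool
    reason: str


def normalize(password: str) -> str:
    # NFKC folds compatibility forms (e.g. full-width letters) so visually
    # identical inputs compare equal against the blocklist. No trimming and
    # no truncation: the user's full secret is what gets checked.
    return unicodedata.normalize("NFKC", password)


def check_password(password: str, mfa_enforced: bool, blocklist=BLOCKLIST) -> Verdict:
    """Return whether the password is acceptable and why, under the rules above."""
    pw = normalize(password)
    required = MIN_LEN_MFA if mfa_enforced else MIN_LEN_SINGLE_FACTOR
    # Length is counted in code points so non-ASCII passphrases are not penalised.
    if len(pw) < required:
        return Verdict(False, f"shorter than {required} characters")
    # Case-insensitive lookup catches trivial capitalisation variants.
    if pw.lower() in blocklist:
        return Verdict(False, "appears on the compromised-password blocklist")
    # Deliberately no character-class rule: a long all-lowercase passphrase is fine.
    return Verdict(True, "ok")


def change_required(days_since_last_change: int, known_compromised: bool) -> bool:
    """Scheduled expiry is gone: only a known compromise forces a reset."""
    return known_compromised


if __name__ == "__main__":
    for pw, mfa in [("correct horse battery staple", False),
                    ("Tr0ub4dor&3", False),
                    ("Tr0ub4dor&3", True),
                    ("Password123", True)]:
        v = check_password(pw, mfa)
        print(f"{pw!r:35} mfa={mfa!s:5} accepted={v.accepted} ({v.reason})")
```

Note that the blocklist lookup happens after normalization and case folding, so a user cannot slip past it with full-width characters or a capital letter, and that `change_required` ignores password age entirely, which is the behaviour the guideline asks for.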
👉 Read the original: Malware Bytes