NIST updates password guidelines: Mix of characters 'not nearly as significant as initially thought'

The U.S. Department of Commerce's National Institute of Standards and Technology published updated guidelines for passwords in June.

The guidelines serve as technical requirements for federal agencies that use digital identity services to authenticate users on government systems.

Here are five tips related to password requirements.

1. Encourage users to use passwords that are easy to remember.

2. Allow users at least 64 characters for their password. Flexibility in password length will facilitate memorability, according to the guidelines.

3. When users create or change their password, provide meaningful feedback if their suggested password is rejected.

4. Don't prompt users to change their passwords at arbitrary periods. Instead, wait until there is evidence of a compromised user or system.

5. Don't impose arbitrary rules related to a password's mix of character types. For example, many systems require users to construct passwords with digits, uppercase letters and symbols, which is not necessary.

"Analyses of breached password databases reveal that the benefit of such rules is not nearly as significant as initially thought, although the impact on usability and memorability is severe," the guidance reads.

Click here to view the full guidance.

 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Articles We Think You'll Like

 

Featured Whitepapers

Featured Webinars