It’s time to rethink your password

December 14, 2018Manhattan Tech Support

Business IntelligenceIT Consulting & StrategySecurityTech Support & Managed IT ServicesTelecommunicationsConstructionEducationFinanceHealthcareLegalReal Estate

In 2003, a manager at the National Institute of Standards and Technology (NIST) authored a document on password best practices for businesses, federal agencies, and academic institutions. More recently, however, the institute has reversed its stance. Find out why and what great passwords are made of.

The problem

The issue isn’t necessarily that the NIST advised people to create passwords that are easy to crack, but it steered people into creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.”

This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms.

To make matters worse, NIST also recommended that people change their passwords regularly, but did not define what it actually means to “change” them. Since people thought their passwords were already secure with special characters, most only added one number or symbol.

NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for computers to guess.

Recently, the institution admitted that this scheme can cause more problems than solutions. It has reversed its stance on organizational password management requirements, and is now recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief hacking officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to utilize multifactor authentication (MFA) in login policies.

This requires users to present two valid credentials to gain access to their data. For instance, a code texted to an employee’s smartphone can serve as an added security measure to thwart hackers.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “correcthorsebatterystaple” or “iknewweretroublewhenwalkedin5623”. These are much more difficult to guess and less prone to hacking. As for the frequency of changing passphrases, it will depend on a company’s risk tolerance.

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to make sense of.

Even better, you should enforce the following security solutions within your company:

  • Single sign-on – allows users to securely access multiple accounts with one set of credentials
  • Account monitoring tools – recognizes suspicious activity and locks out hackers

When it comes to security, ignorance is the biggest threat. If you’d like to learn about what else you can do, just give us a call.

Published with permission from TechAdvisory.org. Source.

Related Articles

Manhattan Tech Support Participates in Cycle for Survival – Raises Over $4,000 to Defeat Rare Cancers in 2019

calendar March 13, 2019

author Manhattan Tech Support

IT Consulting & Strategy Construction Education Finance Healthcare Legal Real Estate

Manhattan Tech Support Participates in Cycle for Survival – Raises Over $4,000 to Defeat Rare Cancers in 2019

  On Sunday, March 10, 2019, ManhattanTechSupport.com LLC’s team members participated in the annual “Cycle for Survival” fundraiser to defeat rare cancers. The team proudly raised over $4,000 for this important cause and over $41 million was raised nationwide. With

Read More
HIPAA Compliance in 2019 – A Mix of Challenges and Opportunities for Healthcare Providers to Become and Remain Compliant

calendar March 12, 2019

author Manhattan Tech Support

Cloud Services IT Consulting & Strategy Security Tech Support & Managed IT Services Healthcare

HIPAA Compliance in 2019 – A Mix of Challenges and Opportunities for Healthcare Providers to Become and Remain Compliant

In recent years, The Department of Health and Human Services Office of Civil Rights Management (OCR), has aggressively increased efforts to make sure that healthcare providers are properly implementing the Health Insurance Portability and Accountability Act (HIPAA) and Health Information

Read More
ManhattanTechSupport.com LLC Recognized for Excellence in Managed IT Services in 2019

calendar March 5, 2019

author Manhattan Tech Support

IT Consulting & Strategy Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Real Estate

ManhattanTechSupport.com LLC Recognized for Excellence in Managed IT Services in 2019

New York, NY, March 5, 2019 – ManhattanTechSupport.com LLC, the leading IT support and services company in New York City, announced today that CRN®, a brand of The Channel Company, has named ManhattanTechSupport.com LLC to its 2019 Managed Service Provider

Read More