NIST also recommends temporarily baring access to accounts for a certain period of time when users enter incorrect details - and locking them out altogether after 100 attempts. Lower the limit of “Failed Password” attempts This way, guesswork can be eliminated, stress can be avoided, and your workforce will be more likely to use effective codes to safeguard their accounts. To avoid this issue, NIST tells businesses to let workers see what passwords they're typing. Not only does this make users more prone to being blocked out of their accounts, it also makes them less likely to create complex codes in the future. When employees type in long and complex passwords blindly, it makes typos and errors extremely common. Therefore, to make life harder for cybercriminals, and easier for you and your business, we recommend setting a character limit that ranges from 8-64. This is clear from Hive Systems research that found that passwords eight characters long are able to be hacked within eight hours by the average hacker, while shorter codes can be compromised within a few minutes. Set a password minimum of eight charactersĪccording to NIST, creating a longer password is more important than creating a complex one. If you're responsible for setting the password policies for your organization, read on for six practices to bear in mind. To celebrate National Password Day 2023, we brushed up on the latest National Institute of Standards and Technology (NIST) guidelines and created a list of password tips for companies and workers to follow in 2023. Until they're phased out completely, maintaining good password hygiene is the only way your company can stay safe from rapidly evolving threats like keylogger programs and AI password crackers.Ĭreating a strong password isn't rocket science - but conflicting regulations have created a cloud of confusion around the topic making it hard for businesses to know which requirements to use across their systems. While tech-savvy solutions like passkeys and two-factor authentication (2FA) continue to be favored by companies like Google, Apple, and Microsoft, the humble password isn't dead yet.
0 kommentar(er)
