Tag Archive for: password security

Still relying on traditional password policies like forced resets and complex character requirements? Those rules are outdated. It’s time to take a more modern approach with guidance from the National Institute of Standards and Technology (NIST), simplifying security without compromising protection.

Why should your business listen to NIST?

NIST is a US government agency that sets cybersecurity standards. Although originally created for federal agencies, its influence now extends to the private sector. Industries that handle sensitive data, such as healthcare, finance, and software, often adopt NIST guidelines because they are based on rigorous real-world testing and an understanding of human behavior.

In fact, many modern compliance frameworks, including HIPAA and SOC 2, now incorporate NIST’s approach to identity management, establishing its recommendations as the gold standard for any security-conscious business.

Outdated practices vs. new NIST standards

To strike a balance between security and ease of use, organizations must abandon old password policies and adopt NIST’s latest password security guidance.

Prioritize password length over complexity

One of the biggest changes in password security is the move away from strict complexity rules. This means organizations no longer need to require combinations of uppercase letters, numbers, and symbols. The reason is simple: users find predictable ways to meet these rules (e.g., “Password123!”), making passwords incredibly easy to guess.

Length is now the most important factor in password security. Longer passwords are harder for cybercriminals to crack, even with powerful hardware. While NIST guidelines suggest a minimum of eight characters for standard accounts, security experts recommend 12 to 16 characters for a better balance of security and usability.

To support this shift, systems should now accommodate passwords up to 64 characters long, enabling users to create memorable passphrases. A passphrase, which is a string of unrelated words (e.g., “bluecoffeetrainsunset”), is now considered one of the most secure and user-friendly authentication methods. Because they are easier to remember and significantly harder to crack than short, complex passwords, passphrases offer superior security and convenience.

Furthermore, NIST now mandates that systems accept all printable ASCII characters, spaces, and Unicode symbols. This allows users to create longer, more memorable passphrases using native language characters or even emojis, which can also help reduce the frequency of password reset requests.

End forced password resets

Mandatory password changes every 60 or 90 days are an outdated practice. This policy often leads to security fatigue, prompting users to create weaker, more predictable passwords.

Instead, NIST now recommends a more practical approach:

  • Require password changes only when there’s evidence of a compromise.
  • Actively monitor accounts for suspicious activity.
  • Trigger password resets based on actual risk, not a fixed schedule.

Screen passwords and monitor for compromised credentials

Attackers often rely on leaked password lists rather than randomly guessing. That’s why NIST recommends organizations do the following:

  • Block the use of common passwords (e.g., “123456”).
  • Prevent employees from using passwords exposed in past breaches.
  • Continuously monitor for exposed credentials.
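To make the guidance in the two sections above concrete, here is an added example (not code from the original post, and not NIST's own) of a password-acceptance check written the way SP 800-63B describes it: length is counted in Unicode code points after NFKC normalization, there are no composition rules, and common, previously breached and context-specific values are rejected. The blocklist and the breach corpus are small constructed samples, not real breach data; the NFKC normalization step and the context-word rule are NIST recommendations that this page does not mention.

```python
"""Password-acceptance check in the spirit of NIST SP 800-63B (added example).

Assumptions: COMMON_PASSWORDS and BREACHED_HASHES are tiny constructed samples;
a deployment would load a large common-password list and a breach corpus.
"""
import hashlib
import unicodedata

MIN_LENGTH = 8    # NIST minimum for a user-chosen memorized secret
MAX_LENGTH = 64   # verifiers should accept at least this many characters


def _sha1_hex(text: str) -> str:
    """Hex SHA-1 of the UTF-8 text, the form breach corpora are usually distributed in."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


# Constructed sample of common passwords (real lists have thousands of entries).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "password123!", "letmein"}

# Constructed "breach corpus": hashes of passwords exposed in past breaches.
# Keeping only digests means the check itself never stores plaintext passwords.
BREACHED_HASHES = {_sha1_hex(p) for p in ("Summer2023!", "Welcome1", "Tr0ub4dor&3")}


def normalize(secret: str) -> str:
    """Apply Unicode NFKC so the same visible string typed on different keyboards
    (precomposed vs. decomposed accents) yields the same secret. Spaces are kept
    verbatim: they are legitimate passphrase characters and must not be trimmed."""
    return unicodedata.normalize("NFKC", secret)


def check_password(secret: str, context_words=()) -> list:
    """Return the list of rejection reasons; an empty list means the secret is acceptable.

    Deliberately absent: any requirement for uppercase letters, digits or symbols.
    context_words are values an attacker can guess from context (username, company name).
    """
    reasons = []
    s = normalize(secret)
    n = len(s)  # code points, so an emoji or an accented letter counts as one character
    if n < MIN_LENGTH:
        reasons.append(f"too short: {n} characters, minimum is {MIN_LENGTH}")
    if n > MAX_LENGTH:
        reasons.append(f"too long: {n} characters, maximum is {MAX_LENGTH}")
    lowered = s.casefold()
    if lowered in {p.casefold() for p in COMMON_PASSWORDS}:
        reasons.append("appears on the common-password blocklist")
    if _sha1_hex(s) in BREACHED_HASHES:
        reasons.append("appears in a known breach corpus")
    for word in context_words:
        if word and word.casefold() in lowered:
            reasons.append(f"contains context-specific word {word!r}")
    return reasons


if __name__ == "__main__":
    samples = [
        ("bluecoffeetrainsunset", ()),          # long passphrase, no symbols: accepted
        ("Password123!", ()),                    # meets old complexity rules, still blocked
        ("Welcome1", ()),                        # 8 characters but previously breached
        ("cafe\u0301 latte \u2615 morning", ()),  # accents, spaces and an emoji are fine
        ("acme corp 2024 rocks", ("acme", "jdoe")),
    ]
    for pw, ctx in samples:
        verdict = check_password(pw, ctx) or ["accepted"]
        print(f"{pw!r}: {'; '.join(verdict)}")
```

The check returns reasons rather than a boolean so a sign-up form can tell the user why a choice was refused, which NIST also calls for; hashing the breach corpus keeps the comparison offline and avoids holding a plaintext list of exposed passwords alongside the application.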

Use password managers

Since every account needs a long, unique password, remembering them all is practically impossible. That’s why NIST highly recommends the use of password managers. These tools act as a secure digital vault, generating and autofilling strong passwords so your team doesn’t have to.

Beyond the password: MFA and biometrics

Passwords alone aren’t enough to ensure security. NIST recommends that a password, where one is required, be paired with an extra layer of verification:

Phishing-resistant MFA

Multifactor authentication (MFA) fortifies accounts by requiring more than just a password to gain access. However, NIST now advises against using SMS text codes for MFA, as hackers can intercept these. Instead, it recommends using authenticator apps or hardware security keys (small USB tokens). With these methods, the “key” to your account remains securely on your physical device.

Safe and accurate biometrics

For biometric security such as facial recognition and fingerprint recognition, NIST sets high standards for:

  • Accuracy: Systems must have a false match rate of less than 1 in 10,000 to ensure reliability.
  • Privacy: Your actual fingerprint or face image is never stored. Instead, the system generates a unique digital map (a template) and immediately deletes the original biometric data, protecting your identity.

Connect with our experts to bolster your cyber defenses against emerging threats and explore the future of password security. If you are looking for an expert to help you find the best solutions for your business, talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org

A password is more than just an assortment of characters you’re required to enter in order to access your accounts. It is the first line of defense against potential threats and attacks. A weak password makes it easier for hackers or cybercriminals to gain access to your personal information, such as financial details or sensitive data. But there are many people who are completely misguided about what a strong password actually is.

The importance of secure passwords for your business

While many personal accounts are password-protected, securing your business accounts is equally critical. This applies not just to you but to your entire company. Every employee should use strong passwords to safeguard sensitive business data. Imagine the potential harm a cybercriminal could cause if they gained access to your data and systems. It could tarnish your business’s reputation and jeopardize both your employees’ and customers’ private information.

What makes a password strong? (Hint: It’s not about complexity)

Contrary to popular belief, the strength of a password is not solely determined by its complexity. While including a combination of letters, numbers, and symbols can enhance password security, it’s not as effective as using a longer sequence.

A long password is far stronger because it increases the number of possible combinations that an attacker needs to guess. This means that even if your password contains common words or phrases, it will still be significantly more difficult to breach if it’s longer. In fact, a lengthy passphrase consisting of a series of unrelated words can often be stronger than a shorter password filled with complex characters. For instance, “PurpleBananaSunsetRiver” is not only easier to remember but also more secure than something like “P@ssw0rd1” because of its length and randomness.

Furthermore, longer passwords are more resistant to brute force attacks, which involve using automated programs to guess different password combinations until the correct one is found. The longer the password, the more time and computational power it would take for an attacker to crack it, making it a far less appealing target. So, when creating strong passwords for your business accounts, prioritize length and complexity to bolster your online security effectively.

Educating your team on password security

If you manage a team, it’s crucial to educate them on the significance of strong, lengthy passwords. Ensure your team receives training on cybersecurity practices, including password creation. A single weak password could open the door to a cyberattack, emphasizing the importance of collective diligence.

Simplifying strong password creation

Creating robust and lengthy passwords doesn’t have to be a tedious process. If you struggle to create or remember them, consider using a password manager. This tool can generate long and unique passwords for each account based on your preferences. It will then store them securely so that you only need to remember one master password to access all your accounts.

Passwords are often the easiest to overlook when it comes to online security, but they are also the most critical. If you need further guidance or assistance in enhancing your cybersecurity practices, get in touch with us. Our team of experts is ready to help you navigate the digital world securely.

If you are looking for an expert to help you find the best solutions for your business, talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org