Call us now! 203-327-5700

  • 0Shopping Cart
GC Infotech LLC Work Smarter!
  • Home
  • IT Services
    • Free IT Consultation Form
    • Business Continuity & Disaster Recovery
    • Cloud Computing & Virtualization
    • Computer Network Support
    • Network & Server Maintenance
    • Office IT Relocation Service
    • Website Development & Design
  • About us
    • Our Story
    • IT Consultants
    • Our Methodology
    • Competitive Advantage
  • Learning Center
  • Technology Partners
  • Testimonials
  • Customer Remote Support
  • Contact
  • Menu
Data Protection, Security

Think your password is secure? Think again

The National Institute of Standards and Technology (NIST) created many of the password best practices you probably loathe, including using a combination of letters, numbers, and special characters. The NIST now says those guidelines were ill-advised and has changed its stance. Find out why and what this means for you.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people generate weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

Such a password may seem secure, but the string of characters it’s made up of could easily be compromised by hackers using common algorithms.

Furthermore, while the NIST also recommended that people change their passwords regularly, they did not specify how and when to change them. Without proper guidance, many people assumed that this meant adding or changing one or two characters every year or so.
The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that their recommendation creates more problems than it solves. The NIST has then reversed its stance on organizational password management requirements, and is recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication (MFA) in login policies.

MFA requires a user to enter one or more valid credentials aside from a password to gain access to an account. This could be a physical security key, a login prompt on a mobile device, or a facial or a fingerprint scan. Without the additional security requirements, hackers’ attempts to crack passwords would be futile.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. Simply put, passwords should be longer and include nonsensical phrases and words that make them almost impossible for an automated system to crack.

What’s more, the NIST recommends making screening of new passwords against lists of common or compromised passwords mandatory. This is because a complex, 25-character password is already considered weak the moment it has been compromised.

Finally, you should also enforce the following security solutions within your company:

  • Single sign-on – allows users to securely access multiple accounts with one set of credentials
  • Account monitoring tools – recognizes suspicious activity and locks out hackers from the network OR keeps hackers from accessing the network.

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

September 21, 2021/by John Murray
Tags: account monitoring, multifactor authentication, passphrases, password, password security, security best practice, single sign-on
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on Google+
  • Share on Linkedin
  • Share on Reddit
  • Share by Mail
https://gcinfotech.com/wp-content/uploads/2021/09/Sept-14-21.png 200 201 John Murray https://gcinfotech.com/wp-content/uploads/2018/05/gcinfotech_logo_4501-l-300x91.jpg John Murray2021-09-21 10:56:012021-09-21 10:56:01Think your password is secure? Think again
You might also like
Practical tips to secure your email account
7 Easy ways to prevent data loss in Microsoft 365
What is single sign-on and what are its benefits?
Businesses are still risking plenty when it comes to remote working
Everything you need to know about single sign-on
Microsoft 365 data security: 7 Ways to boost protection
Keep Your Information Secure By Using Strong Passwords
Working remotely? Follow these cybersecurity tips

Route

Office Hours

Monday – Friday:

8:00 AM – 5:00 PM

Saturday – Sunday:

Closed

An Accredited Business

Click for the BBB Business Review of this Web Design in Stamford CT

GC Infotech LLC

2009 Summer St
Stamford, CT, United States

(203) 327 5700
info@gcinfotech.com

Categories

  • Business Operations
  • Cloud Computing
  • Data Protection
  • Equipment
  • Hedge Funds IT Services
  • IT Solutions
  • Law Firms IT
  • Mobile Workforce
  • Network Support
  • News
  • Office 365
  • Online Backup
  • Security
  • Uncategorized
  • Website Development

Latest Posts

  • Crucial WordPress maintenance tasks to keep your site running smoothlyMarch 17, 2023 - 12:55 pm
  • 6 Proven strategies to keep your work devices secureMarch 6, 2023 - 10:57 am
  • How to defend against browser security threatsFebruary 24, 2023 - 2:36 pm
© Copyright - GC Infotech - Enfold WordPress Theme by Kriesi
What is single sign-on and what are its benefits? Microsoft 365’s must-try features for hybrid workers
Scroll to top
  • Pay a Bill

  • Remote Support

  • Call us 203-327-5700