Are Your Passwords Safe?
The US National Institute of Standards and Technology (NIST) has issued new guidelines for password security that turn accepted wisdom about creating long strings of letters, numbers and symbols on its head.
NIST, a non-regulatory federal agency within the US Department of Commerce, issued the original advice in 2003 that became the global standard for password security. But it now says the advice led people to create predictably ‘complex’ passwords in a bid to remember them, which made them more vulnerable to hackers.
Key changes in NIST’s new digital identity guidelines include:
- Don’t arbitrarily mix letters, numbers and symbols to make a password. Instead, create passwords that are more memorable.
- Single dictionary words, the user’s street address or numeric sequences such as 1234567 should be banned.
- Organisations should screen the strength of their passwords against those used in cybercriminal dictionary attacks; a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password.
- Stop frequently changing passwords, for example each month, as it leads to poor passwords being created.
I absolutely agree with the last one, it has always seemed to me absolutely stupid to keep changing a password as long as it is secure.
As for the first one I am guilty of that because I use a password storage program called
Keepass to create and store all my passwords. It has versions for both PC and Android so I can carry the encrypted file on my phone as well.