Tuesday, September 3, 2019

New Password Standards

None of us like passwords, well, except for the good that they do for us.

New research from NIST helps us to understand better ways to build passwords, and Visionlink has released an upgrade to its CommunityOS 2 platform in response.

The most fundamental change in the standards from NIST (National Institute of Standards and Technology) is about the frequency of forcing password changes. Survey says? Never.

That's right: in common use, requirements to change passwords every 30 or 180 days, as examples, result in less secure passwords. 

The second major change concerns a previous recommendation to mix letters and numbers. Gone. And again, this is because the complexity causes real-world users to use passwords that can be broken too easily, and also because automated password breakers can easily deal with something like "st0rmC1ouds".

Repeated patterns (aaabbbccc), sequences of adjacent keys on keyboards (jklnm), and common passwords are further examples of what we all should avoid.

Visionlink's recent release is designed to provide an indicator (with both bar length and color) of a user's password strength. It also analyzes your password request and responds with reminders of what needs to be improved. We may also force resets if old passwords do not meet our new standards.

So, stay away from patterns and common names, colors, days of the week and letter and number replacements. Go for long random passwords or phrases. Use a password manager so you don't need to remember them all (and to manage a different password for every site).
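The checks described above can be sketched in a few lines. This is an added example, not Visionlink's code or part of the original post: it flags repeated characters, keyboard or alphabet runs, and blocklisted words after undoing letter and number replacements. The blocklist, the reason codes, the function names and the 8-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample blocklist (assumption); a real deployment would load a
# large list of breached and commonly used passwords.
COMMON = {"password", "stormclouds", "monday", "purple", "letmein", "qwerty"}

# Keyboard rows plus the alphabet, used to spot runs such as "jkl" or "abc".
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
             "abcdefghijklmnopqrstuvwxyz"]

# Undo common letter/number replacements: 0->o, 1->l, 3->e, 4->a, 5->s, ...
LEET = str.maketrans("0134578@$!", "oleastbasi")

MIN_LENGTH = 8  # assumed minimum, taken from NIST SP 800-63B


def has_sequence(text, run=3):
    """True if `text` contains `run` neighbouring keys/letters, either direction."""
    for i in range(len(text) - run + 1):
        chunk = text[i:i + run]
        if any(chunk in seq or chunk in seq[::-1] for seq in SEQUENCES):
            return True
    return False


def screen_password(password):
    """Return a list of reason codes; an empty list means no check fired."""
    reasons = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if re.search(r"(.)\1\1", lowered):  # same character three times in a row
        reasons.append("repeated_run")
    if has_sequence(lowered):
        reasons.append("key_sequence")
    # Compare against the blocklist only after undoing substitutions, so
    # "st0rmC1ouds" is treated exactly like "stormclouds".
    normalized = lowered.translate(LEET)
    if any(word in normalized or word in lowered for word in COMMON):
        reasons.append("common_word")
    return reasons


if __name__ == "__main__":
    for sample in ("st0rmC1ouds", "aaabbbccc", "jklnm"):  # examples from the post
        print(sample, screen_password(sample))
```

An empty result only means none of these particular checks fired; it is not a strength score.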

Stay secure everyone.