The New Password Rules

If you’re still doing passwords the old-fashioned way, it’s time to rethink things.

The National Institute of Standards and Technology has a whole new list of rules that calls for less complex passwords that you don’t have to continually change.

Forget about mixing upper and lower case letters, numbers, and irregular characters. It turns out that since these passwords are harder to remember, people tend to go for the simple ones. Plus, when they change them, they often only change one or two characters. Also, knowing that a site requires one capital letter and one special character can tip hackers off when guessing a password.

Most hackers aren’t trying to guess your password manually. They’re using a program that generates combinations of letters and numbers, trying every one that’s available. So you end up with passwords that people have problems remembering, but computers can guess pretty easily.

So what are the new rules?

No more changing passwords every month or two.

Switching out passwords frequently encourages people to stick with super-simple ones and change only a couple of characters each time.

Get rid of requirements for upper/lower case letters, numbers, and special characters.

The longer the password, the better:

Create a password up to 64 characters in length. An uncommon phrase familiar only to you is a good choice.

Example: “auntsallylovesgreentomatopicklesbutonlyinseasonwithhomemadebread”

Check all passwords against lists of frequently used passwords or passwords that have been compromised.

Pwned Passwords is a site that will let you know if your password has been used in any data breaches.
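Here is what that check looks like in code, as an added example rather than anything from the original post: it applies the length rule above, imposes no composition rules, and does the Pwned Passwords k-anonymity lookup (hash with SHA-1, send only the first five hex characters, compare the rest locally) against a constructed range response served offline. The minimum length of 8 and the breach counts are assumptions, not figures from the post.

```python
import hashlib
from typing import Callable, Dict

MAX_LENGTH = 64   # the post's upper limit
MIN_LENGTH = 8    # assumed minimum; the post states no lower bound

# Constructed sample of a Pwned Passwords range response for SHA-1 prefix
# "5BAA6". Each line is "<35-hex-char suffix>:<times seen in breaches>".
# The first suffix is the real SHA-1 remainder of "password"; counts are made up.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E4C9B93F3F0682250B6CF8331B7EE68FDA:2
003D68EB55068C33ACE09247EE4C639306B:3
"""


def parse_range(body: str) -> Dict[str, int]:
    """Turn a range response into {suffix: count}."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        if line.strip():
            suffix, count = line.strip().split(":")
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """k-anonymity lookup: only the 5-char hash prefix ever leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def offline_fetch(prefix: str) -> str:
    """Stand-in for the HTTPS range query; serves only the constructed sample."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def check_password(password: str,
                   fetch_range: Callable[[str], str] = offline_fetch) -> str:
    """Return "ok" or the reason for rejection. Length and breach list only."""
    if len(password) < MIN_LENGTH:
        return "too short"
    if len(password) > MAX_LENGTH:
        return "too long"
    seen = breach_count(password, fetch_range)
    return f"seen in {seen} breaches" if seen else "ok"
```

In a real deployment, `offline_fetch` would be replaced by an HTTPS GET of the range for the prefix, and a password the site already knows to be common would be rejected the same way.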

Of course, the catch is that many sites are still following the old rules, and you can only create passwords based on what the particular program or website will allow. And honestly, more passwords are exposed by companies and websites having poor cyber-security practices than by users having weak passwords. That’s why it’s important to enable two-factor authentication if it’s available.

That means there’s an additional step involved besides just entering your password. You may need to answer a question or enter a code sent to your phone. If a hacker manages to crack your password, at least you’ve got another line of defense.


Enable biometric identification when possible. If your device or account offers fingerprint or facial recognition, turn it on.

If you have any questions about passwords, feel free to let me know.
