  • Length over Complexity: NIST advises using long passwords, recommending a minimum of 8 characters for user-generated passwords and at least 6 characters for system-generated ones. Complexity (like mixing letters, numbers, and symbols) is less emphasized than length.
  • Avoiding Common Words and Phrases: Passwords should not include easily guessable or common information like names, dates, or simple patterns.
  • Screen New Passwords Against Commonly Used Choices: Organizations should check new passwords against lists of commonly compromised passwords to prevent users from picking easily hackable options.
  • Eliminate Periodic Resets: NIST and Microsoft suggest doing away with routine password changes unless there's a known security issue. This counters previous advice, as frequent changes often lead to weaker password choices.
  • Encourage Passphrases: Passphrases, which are longer and can be more memorable phrases, are recommended over traditional passwords for better security and usability.
  • Implement Multi-Factor Authentication (MFA): MFA adds an extra layer of security, requiring a second form of identification beyond just a password.
  • User-Friendly Password Recovery: Options for password recovery should be straightforward and secure, avoiding security questions with easily researchable answers.
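
The length, common-word and screening items above can be enforced together when a user sets a new password. The following is an added example, not code from WiscNet or NIST; the function names, reason codes and the small blocklist are constructed for illustration, and a real deployment would load a large list of commonly used and compromised passwords.

```python
import unicodedata

MIN_USER_LENGTH = 8  # minimum for user-generated passwords, from the list above

# Constructed sample blocklist (assumption); replace with a real
# list of commonly used and compromised passwords.
SAMPLE_BLOCKLIST = {"password", "12345678", "qwertyuiop", "letmein123"}


def normalize(text):
    """Unicode-normalize and case-fold so trivial variants compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def is_simple_pattern(text):
    """True for one repeated character or a straight run such as 'abcdefgh'."""
    if len(text) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return steps in ({0}, {1}, {-1})


def screen_password(candidate, user_context=(), blocklist=SAMPLE_BLOCKLIST):
    """Return a list of rejection reasons; an empty list means accepted.

    No composition rules (digits, symbols, mixed case) are applied:
    length and screening carry the policy, so plain passphrases pass.
    """
    reasons = []
    if len(candidate) < MIN_USER_LENGTH:
        reasons.append("too_short")
    folded = normalize(candidate)
    if folded in {normalize(entry) for entry in blocklist}:
        reasons.append("commonly_used")
    # user_context: names, usernames, school names supplied by the caller.
    for word in user_context:
        needle = normalize(word)
        if len(needle) >= 3 and needle in folded:
            reasons.append("contains_personal_info")
            break
    if is_simple_pattern(folded):
        reasons.append("simple_pattern")
    return reasons


if __name__ == "__main__":
    for sample in ("correct horse battery staple", "Password", "12345678"):
        print(sample, "->", screen_password(sample) or "accepted")
```

Returning reason codes instead of a bare pass/fail lets the password-change form tell the user why a choice was rejected.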

Secure Passwords for Educators by WiscNet is licensed under CC BY 4.0. You are free to copy and redistribute this material in any medium or format for any purpose, including commercially. Also, you are encouraged to remix, transform, and build upon the material, provided you give appropriate credit and indicate if changes were made. Your voice makes WiscNet a hub of shared wisdom and practical solutions. Please share any success stories or challenges you have faced that could benefit others through the WiscNet community.