
  • Length over Complexity: NIST advises using long passwords, recommending a minimum of 8 characters for user-generated passwords and at least 12 characters for system-generated ones. Complexity (like mixing letters, numbers, and symbols) is less emphasized than length.
  • Avoiding Common Words and Phrases: Passwords should not include easily guessable or common information like names, dates, or simple patterns.
  • Screen New Passwords Against Commonly Used Choices: Organizations should check new passwords against lists of commonly compromised passwords to keep users from picking easily guessed options.
  • Eliminate Periodic Resets: NIST and Microsoft suggest doing away with routine password changes unless there's a known security issue. This counters previous advice, as frequent changes often lead to weaker password choices.
  • Encourage Passphrases: Passphrases, which are longer and can be more memorable phrases, are recommended over traditional passwords for better security and usability.
  • Implement Multi-Factor Authentication (MFA): MFA adds an extra layer of security, requiring a second form of identification beyond just a password.
  • User-Friendly Password Recovery: Options for password recovery should be straightforward and secure, avoiding security questions with easily researchable answers.
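
As an added example (not part of the original page), the length, common-word and screening items above can be combined into one acceptance check that applies no composition rules. The names `screen_password` and `context_words` are hypothetical, and the blocklist is a small constructed sample standing in for a real corpus of compromised passwords.

```python
import unicodedata

MIN_LENGTH = 8  # minimum for user-generated passwords, as stated in the list above

# Constructed sample blocklist; a real deployment would load a large
# corpus of commonly compromised passwords instead.
SAMPLE_BLOCKLIST = {"password", "12345678", "qwertyuiop", "letmein123", "iloveyou1"}


def _normalize(s):
    # NFKC folds look-alike Unicode forms (e.g. full-width letters);
    # casefold makes the comparison case-insensitive.
    return unicodedata.normalize("NFKC", s).casefold()


def _is_simple_pattern(s):
    """True for one repeated character or a run stepping by +1/-1 (abcdefgh, 87654321)."""
    if len(set(s)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def screen_password(candidate, context_words=(), blocklist=SAMPLE_BLOCKLIST):
    """Return a list of rejection reasons; an empty list means the password is accepted."""
    reasons = []
    norm = _normalize(candidate)
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if norm in blocklist:
        reasons.append("commonly_used")
    if _is_simple_pattern(norm):
        reasons.append("simple_pattern")
    # context_words: user-specific strings such as username or display name
    for word in context_words:
        w = _normalize(word)
        if len(w) >= 3 and w in norm:
            reasons.append("contains_context_word")
            break
    return reasons
```

An all-lowercase passphrase passes because nothing here demands mixed character classes, while `Password` is rejected even though it meets the length minimum.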
