Password security recommendations have changed to take real user practices into account. Forget numbers and special characters, instead choose longer but easier-to-remember passwords.
the National Institute of Standards and Technology (NIST) in the United States regularly publishes a series of recommendations regarding passwords, especially for businesses. but, Latest report It contains some surprises that can make life easier for users.
First, NIST no longer recommends changing your password frequently. This increases the risk that users will choose RecyclingRecycling Their old passwords, with a letter added at the end. A technique known to hackers. Change should only be forced when the system is compromised.
End of symbols in passwords?
In addition, the length of passwords will be more important than their complexity. It is no longer necessary to use a specific combination of characters (uppercase, lowercase, numbers, and special characters). Analytics DatabasesDatabases Leaked data showed that the security gains from this practice are much lower than expected, and that it makes remembering and using passwords more difficult. The report instead recommends passwords of at least 15 characters, with the option to go up to 64 characters.
NIST says all sites should offer a small button to view the password that is typed in plain text, as the main security risk is that there is no one watching you. This will prevent typing errors that might make users think they have forgotten their password. In addition to simpler but longer passwords, the institute encourages two-factor authentication, which prevents a hacker from accessing the account even if they have the password. Finally, NIST recommends using a password manager, which makes it easier to adopt more secure passwords, which means longer and more complex passwords. Even if enforcing a combination of uppercase letters, numbers, and symbols is now no longer recommended for all users because it is counterproductive, complex passwords are still more secure.