NIST secret “P@ssw0rd!”

by | Oct 17, 2024

The National Institute of Standards and Technology (NIST) has introduced sensible recommendations for password management, moving away from outdated practices like frequent password changes and enforcing complex character combinations.


According to NIST’s latest guidelines, password length is the key factor for strength, rather than complexity, and users should be encouraged to create longer passphrases rather than short, hard-to-remember combinations of numbers, symbols, and uppercase letters. This shift acknowledges that many existing password rules have made passwords harder to remember without necessarily improving security.


Additionally, the guidelines suggest that security should not rely on users remembering complex passwords. Tools like password managers are vital in generating and securely storing random, strong passwords. As Bruce Schneier highlights (HERE), these changes reflect years of research showing that older password practices did more harm than good by promoting predictable patterns like “P@ssw0rd!”.
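To make the contrast concrete, here is an added Python illustration (not code from the original post) that puts the legacy composition rule beside a length-first check in the spirit of the NIST guidance; the length bounds, the leetspeak substitution map and the tiny blocklist are assumptions made for the example.

```python
"""Legacy composition rule vs. a length-first, NIST-style rule.
Added example, not from the original post; the length bounds,
substitution map and blocklist below are assumptions."""
import string
import unicodedata

# Legacy rule: at least 8 characters with one of each class.  It accepts
# the predictable "P@ssw0rd!" and rejects a long lowercase passphrase.
def legacy_policy(pw: str) -> bool:
    return len(pw) >= 8 and all([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])

MIN_LEN = 8     # assumed floor (the minimum NIST SP 800-63B allows)
MAX_LEN = 128   # assumed ceiling; NIST asks verifiers to accept at least 64

# Constructed blocklist of base words behind common predictable patterns.
BLOCKLIST = {"password", "qwerty", "letmein", "welcome", "iloveyou"}
# Undo the leetspeak substitutions users apply to satisfy composition rules.
_LEET = str.maketrans("@$0134", "asoiea")

def canonical(pw: str) -> str:
    """Normalise, lowercase, drop trailing digits/symbols, undo leetspeak,
    so "P@ssw0rd!" collapses to the blocklisted base word "password"."""
    pw = unicodedata.normalize("NFKC", pw).lower()
    return pw.rstrip(string.digits + string.punctuation).translate(_LEET)

def nist_style_policy(pw: str) -> tuple[bool, str]:
    """Length-first check: spaces and any printable character allowed,
    no composition rules, only predictable passwords rejected."""
    n = len(unicodedata.normalize("NFKC", pw))
    if n < MIN_LEN:
        return False, f"shorter than {MIN_LEN} characters"
    if n > MAX_LEN:
        return False, f"longer than {MAX_LEN} characters"
    if canonical(pw) in BLOCKLIST:
        return False, "matches a known predictable password"
    return True, "ok"

if __name__ == "__main__":
    for pw in ("P@ssw0rd!", "correct horse battery staple"):
        print(f"{pw!r}: legacy={legacy_policy(pw)} nist={nist_style_policy(pw)}")
```

Run as a script it shows the legacy rule passing the predictable password and failing the passphrase, while the length-first rule does the opposite.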


With the rise in data breaches, relying on password length and encouraging two-factor authentication (2FA) adds an essential layer of protection. Moving away from SMS-based 2FA toward more secure methods like app-based authentication also enhances user safety in the face of increasing phishing attacks.


Incorporating these recommendations can help reduce user frustration while strengthening security overall.


________


One more thing, at Pfortner, we take communications privacy very seriously. We encrypt email, messaging and network communications to provide our clientele with uncompromised privacy.

If you need to protect sensitive communications, please see www.pfortner.co.za or send an email to info@pfortner.co.za, and we will get back to you.