Russell Technologies - Fenton, MO
Remote Support

Your passwords are not secure

Security

Your passwords are not secure

A password policy designed for federal agencies must be secure, right? Surprisingly, that hasn’t been the case according to the National Institute of Standards and Technology (NIST). On the hook for the password best practices that we still use today — the combination of letters, capitalizations, and numbers — NIST admits that the existing guidelines were misguided. Find out why and how it involves you.

The problem

The issue isn’t necessarily that NIST advised people to create passwords that are easy to crack, but it did steer people into creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.”

This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms.

To make matters worse, NIST also recommended that people change their passwords regularly, but did not define what it actually means to “change” them. Since people thought their passwords were already secure with special characters, most only added one number or symbol.

NIST essentially forced everyone, including you and your colleagues, to use passwords that are hard for humans to remember but easy for computers to guess.

The solution

One cartoonist pointed out just how ridiculous NIST’s best practices were when he revealed that a password like “Tr0ub4dor&3” could be cracked in only three days while a password like “correcthorsebatterystaple” would take about 550 years.

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to make sense of.

Even better, you should enforce the following security solutions within your company:

  • Multi-factor Authentication – which only grants access after you have successfully presented several pieces of evidence
  • Single Sign-On – which allows users to securely access multiple accounts with one set of credentials
  • Account Monitoring Tools – which recognize suspicious activity and lock out hackers

When it comes to security, ignorance is the biggest threat. If you’d like to learn about what else you can do to fortify security, just give us a call.

Published with permission from TechAdvisory.org.
Back to Blogs

Previous Blogs

What to consider before you buy a new PC

What to consider before you buy a new PC

Purchasing a new computer can be a daunting task, especially if you’re not familiar with its components. You’ll want to make sure you make the right choice so you don’t end up buying one that becomes obsolete within just a few years. How much money should you spend? Which model is the best for you? […]

read more
4 must-know facts about the Cloud

4 must-know facts about the Cloud

Cloud computing has given companies affordable and flexible solutions to deal with rapidly advancing technological demands. However, for the small business owner, there are still many common misunderstandings about using cloud services. Here are a few things some businesses owners misunderstand about the cloud. #1. Cloud infrastructures are unsecure Information security is a necessity for […]

read more
New design upgrades to Microsoft Office 365

New design upgrades to Microsoft Office 365

Office 365 apps like PowerPoint, Word, Outlook, and Excel will be getting upgrades over the next few months. Microsoft expects these new features to boost productivity and overall efficiency of business users. Here’s what they have planned. Simplified ribbon The biggest update is with the ribbon, which is a command bar at the top of […]

read more