
New NIST Password Guidelines: Key Changes You Need to Know

Written by Kevin Mann

October 9, 2024

The U.S. National Institute of Standards and Technology (NIST) has updated its password guidance as part of the second public draft of SP 800-63-4, the Digital Identity Guidelines, released in August 2024. The password requirements live in volume B (SP 800-63B-4, Authentication and Authenticator Management) and mark a significant shift from the composition-and-rotation model most organizations still enforce. Here is a breakdown of the key points and changes.

Major Changes in Password Management Practices

  1. No More Composition Rules: Verifiers must no longer impose composition rules (requiring a mix of uppercase, lowercase, digits and symbols). Composition rules push users toward predictable substitutions such as "P@ssw0rd1" and make long, memorable passphrases harder to use; length combined with a blocklist check does more for security than character-class requirements.
  2. End of Mandatory Periodic Changes: Verifiers must not require users to change passwords on a schedule. A change must be forced only when there is evidence the password has been compromised (for example, it appears in a breach corpus). Scheduled rotation tends to produce incremental, guessable variants of the old password and increases help-desk load without slowing attackers.
  3. No Knowledge-Based Authentication or Hints: Verifiers must not prompt users to choose security questions (knowledge-based authentication, KBA) and must not store password hints that an unauthenticated claimant can view. Answers to such questions are frequently public, guessable, or recoverable from social media and breach data.

Recommendations for Password Creation

Despite the relaxed requirements, NIST still emphasizes strong password practices:

  • Minimum Length: Verifiers must require at least 8 characters and should require at least 15 when the password is the only authentication factor; 15 is the target to set.
  • Maximum Length: Users should be able to use passwords of at least 64 characters, and the verifier must not silently truncate longer input.
  • Character Variety: All printing ASCII characters, the space character, and Unicode characters should be accepted, with each Unicode code point counted as one character for length purposes. This lets users choose long passphrases in their own language without a complexity rulebook.
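As an added example that is not part of the original post or of NIST's material, the Python below implements a verifier-side check following the draft rules listed above and contrasts it with a legacy composition-rule policy. The blocklist, the length limits and the sample passwords are assumptions constructed for illustration; a real deployment would load a breach-derived blocklist, and the periodic-rotation and KBA rules remain organizational policy because they are not enforced at password-creation time.

```python
import unicodedata

# Constructed for this example: a tiny stand-in for the blocklist of commonly used,
# expected or compromised passwords that the draft requires verifiers to check.
# Entries are stored casefolded; a real list would come from breach corpora.
BLOCKLIST = {
    "password", "p@ssw0rd1", "password123456!", "welcome123!", "letmein",
}

MIN_LENGTH = 15   # draft: SHALL require >= 8, SHOULD require >= 15 for single-factor use
MAX_LENGTH = 64   # draft: SHOULD permit at least 64 characters


def normalize(password: str) -> str:
    """Unicode NFKC normalization before measuring or comparing, so the same
    visible passphrase typed on different keyboards yields the same string."""
    return unicodedata.normalize("NFKC", password)


def legacy_policy(password: str) -> tuple[bool, str]:
    """The 'before' policy: at least 8 characters and all four character classes.
    It accepts short, predictable passwords and rejects long passphrases."""
    if len(password) < 8:
        return False, "too short (legacy minimum 8)"
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if not (has_lower and has_upper and has_digit and has_symbol):
        return False, "missing a required character class"
    return True, "ok"


def nist_draft_policy(password: str, blocklist: set[str] = BLOCKLIST) -> tuple[bool, str]:
    """Verifier-side check following the draft SP 800-63B-4 rules: length counted
    in Unicode code points after normalization, no composition rules, no
    truncation, any printing character or space allowed, blocklisted values rejected."""
    pw = normalize(password)
    length = len(pw)            # code points: an accented letter or emoji counts once
    if length < MIN_LENGTH:
        return False, f"too short: {length} < {MIN_LENGTH} characters"
    if length > MAX_LENGTH:     # reject rather than silently truncate
        return False, f"too long: {length} > {MAX_LENGTH} characters"
    if pw.casefold() in blocklist:
        return False, "appears on the blocklist of common or compromised passwords"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs to compare the two policies side by side.
    samples = [
        "P@ssw0rd1",                      # legacy accepts, draft rejects (too short)
        "Password123456!",                # legacy accepts, draft rejects (blocklisted)
        "correct horse battery staple",   # legacy rejects, draft accepts
        "café au lait sur la terrasse",   # Unicode passphrase, draft accepts
    ]
    for s in samples:
        print(f"{s!r:34} legacy={legacy_policy(s)[0]!s:5} draft={nist_draft_policy(s)}")
```

The point of the comparison is that the legacy policy and the draft policy disagree on exactly the passwords that matter: the composition rules wave through "P@ssw0rd1" and reject a 28-character passphrase, while the length-plus-blocklist check does the opposite. Normalizing before the length check also means a decomposed "e" plus combining accent and a precomposed "é" are treated as the same single character, so a user is not locked out by their keyboard layout.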

Context and Implications

These changes reflect a consensus that security practitioners, the U.S. Federal Trade Commission, and Microsoft have advocated for years: composition rules and scheduled rotation produce predictable passwords and user workarounds rather than stronger secrets. The updated guidelines aim to streamline password management while maintaining robust security, making it easier for users to create and manage passwords and focusing verifiers on the controls that actually stop guessing attacks: length, blocklists of known-bad passwords, and rate limiting.

Conclusion

NIST’s revised Password Guidelines represent a significant evolution in password management practices. By moving away from complex character requirements and unnecessary periodic changes, the new guidelines are designed to enhance both user experience and security. Organizations should review these updates and adjust their policies accordingly to align with these new best practices.

For more details, you can check out the official NIST publication.

Stay secure out there! 🛡️
