5 password protection fallacies

October 7, 2020 by David Ralstin, Allied Insights

The National Institute of Standards and Technology (NIST) has recently updated certain password guidelines that were previously thought to improve security.¹These new recommendations aim to reduce vulnerabilities that result from the enforcing of certain password requirements.

According to NIST, the following security protections are no longer considered necessary when establishing your employees’ or accountholders’ password requirements:

Password Protection Fallacy #1: Require Special Characters in Passwords

NIST now suggests companies eliminate special character requirements, stating the following regarding the adverse effect these rules can have: “Users respond in very predictable ways to the requirements imposed by composition rules. For example, a user that might have chosen ‘password’ as their password would be relatively likely to choose ‘Password1’ if required to include an uppercase letter and a number, or ‘Password1!’ if a symbol is also required.”

NIST also now recommends allowing any character to be incorporated into passwords, versus eliminating the use of certain ones (e.g. spaces and dashes).

5 password protection fallacies

Featured

Ways to lower your tax burden tomorrow (and the day after)

Financial literacy initiatives on the rise in America’s high schools

Automation vs a live agent—Which do you prefer?

Under the influence: 5 key questions to ask before diving into influencer marketing

Stay connected to the credit union community with our free newsletter!

You have Successfully Subscribed!