From The Experts: Passwords You Thought Protected You Are Actually Putting You at Risk

Forget everything you know about creating passwords! Security experts have a new take on what makes your accounts safe.

Learn why your complicated password might not be protecting you as much as you thought and take note of the latest guidelines that are reshaping our understanding of what it means to be secure online.


The U.S. National Institute of Standards and Technology (NIST) has recently published new guidelines that are challenging the long-held beliefs about password security.

Gone are the days when a jumble of letters, numbers, and symbols was the paragon of a strong password.

Instead, NIST's latest recommendations are advocating for a new approach that may seem counterintuitive at first glance but is grounded in extensive research and analysis.


The U.S. National Institute of Standards and Technology (NIST) has revised guidelines on password security, moving away from advocating for complex passwords. | Image source: Pexels.



The Problem with Complexity


For years, we've been coached to create passwords that resemble cryptic codes, with a mix of uppercase and lowercase letters, numbers, and special characters.

This complexity was believed to be the key to beating cybercriminals' attempts to access our personal accounts.

However, this complexity came at a cost: our ability to remember these passwords without resorting to insecure practices like writing them down or using the same password across multiple sites.


NIST's findings have shown that these complex passwords were not only a headache for users but also less effective than previously thought.

The reason? Human behavior.

When faced with the task of remembering a complex password, many of us would either simplify it to the bare minimum requirements or repeat it across different accounts, making it easier for hackers to gain access to multiple facets of our digital lives.


The New Paradigm: Length Over Complexity



The new guidelines encourage longer passwords over complexity and have abandoned the recommendation for frequent password changes. Image source: Pexels.



The new guidelines from NIST are clear: longer passwords are in, and complexity for complexity's sake is out.

The reason is simple – a longer password exponentially increases the number of possible combinations, making it much harder for attackers to crack, even if the password is made up of simpler characters.

This shift is also a nod to the human element of cybersecurity.

Long but simple passwords, or passphrases, are not only more secure but also easier to remember.

For example, a string of random words like “bigdogsmallratfastcatpurplehatjellobat” creates a password that is both highly secure and user-friendly.


The Impact of Computing Power


Advances in computing power have made it easier for cybercriminals to crack short, complex passwords.

However, they still struggle with lengthy passwords due to the sheer number of possible combinations.

This was highlighted by New York City Mayor Eric Adams' recent decision to switch from a four-digit to a six-digit passcode on his smartphone, increasing the possible combinations from 10,000 to a whopping 1,000,000.

NIST's new recommendations suggest allowing users to create passwords up to 64 characters in length.

Imagine the security of a 64-character password composed of simple words and phrases: it's a fortress that even the most sophisticated algorithms would find daunting!

What Does This Mean for You?


As we age, the challenge of remembering a plethora of complex passwords can be troubling.

The new NIST guidelines offer a breath of fresh air, allowing us to create secure passwords that won't have us pulling out our hair in frustration.

Here are some tips to embrace the new password paradigm:

1. Think in Phrases: Create passwords that are a series of words or a memorable phrase. The longer, the better.

2. Embrace Simplicity: Use passwords that are easy to remember and type, reducing the temptation to write them down.

3. Avoid the Obvious: Steer clear of common phrases or information that could be easily guessed, like your first name and year of birth or “password.”

4. Update Wisely: While frequent password changes are no longer recommended, it's still important to update your passwords if there's a security breach or if you suspect your account has been compromised.

5. Stay Unique: Use different passwords for different accounts to ensure that a breach on one does not compromise them all.
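
The tips above and the earlier point about length and combinations, written out as a password check a website could run. This is an added example, not code from the article or from NIST. The 8-character minimum, the sample blocklist and the 2048-word list size are assumptions; only the 64-character figure comes from the article.

```python
import math
import unicodedata

MIN_LENGTH = 8    # assumption for this example; the article gives no minimum
MAX_LENGTH = 64   # the article's figure: allow passwords up to 64 characters

# Constructed sample blocklist; a real service would load a large list of
# commonly used and breached passwords.
BLOCKLIST = {"password", "123456789", "qwertyuiop", "letmein123", "iloveyou"}


def search_space_bits(symbols, choices_per_symbol):
    """Bits of brute-force search space when every symbol is picked at random."""
    return symbols * math.log2(choices_per_symbol)


def check_password(password, personal_info=()):
    """Return the reasons a password is rejected; an empty list means accepted.

    There are deliberately no composition rules (upper case, digit, symbol)
    and no expiry check: only length, a blocklist and personal details.
    """
    pw = unicodedata.normalize("NFKC", password)
    folded = pw.casefold()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if len(pw) > MAX_LENGTH:
        problems.append("too long")
    if folded in BLOCKLIST:
        problems.append("commonly used password")
    if any(len(p) >= 3 and p.casefold() in folded for p in personal_info):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for pw, info in [("bigdogsmallratfastcatpurplehatjellobat", ()),
                     ("password", ()),
                     ("Mary1962", ("Mary", "1962")),
                     ("P@5s!", ())]:
        print(repr(pw), check_password(pw, info) or "accepted")
    # Counting per symbol only holds for random choices. The 2048-word list
    # is an assumed size, used to compare 10 random words with 8 random
    # characters drawn from the 94 printable ASCII characters (space excluded).
    print("4-digit PIN: %.1f bits" % search_space_bits(4, 10))
    print("6-digit PIN: %.1f bits" % search_space_bits(6, 10))
    print("8 random printable characters: %.1f bits" % search_space_bits(8, 94))
    print("10 random words: %.1f bits" % search_space_bits(10, 2048))
```

The short, symbol-heavy "P@5s!" is rejected for length alone, while the long lowercase passphrase passes with no complexity rule applied.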

With NIST's new guidelines, we can all breathe a little easier, knowing that our digital security can be both strong and straightforward.



Key Takeaways

  • The U.S. National Institute of Standards and Technology has revised guidelines on password security, moving away from advocating for complex passwords.
  • The new guidelines encourage longer passwords over complexity and have abandoned the recommendation for frequent password changes.
  • Longer passwords provide higher entropy, meaning more combinations and a tougher challenge for attackers, compared to shorter complex passwords.
  • The human element is considered in the new guidelines, with a focus on easier-to-remember passphrases that still offer high security.


Have you found it challenging to keep up with complex passwords? Are you ready to embrace longer, simpler passwords? Share your thoughts and experiences with password management in the comments below.