Have we finally cracked the code on password security?
A recent update to the password guidance published by the National Institute of Standards and Technology (NIST) found that longer login credentials increase account security more than shorter, more complex ones, and that is not all.
Historically, sites have required complex passwords with a mix of alphanumeric characters and symbols.
However, NIST found that “the benefit of such rules is less significant than originally thought” and places a “heavy” burden on users’ memory.
“People have a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed,” NIST wrote in the report, adding that, in return, “online services have introduced rules to increase the complexity of these passwords.”
These rules can frustrate users, and as a result, they “often work against these restrictions counterproductively” by using easily guessed passwords that can leave them vulnerable to hacking.
Rather than making users remember a jumble of letters, numbers and symbols, the organization said that length “is a key factor in characterizing password strength.”
According to the agency, eight characters is the minimum a site should require, and sites should accept passwords of at least 64 characters rather than capping them lower, so that users who choose long passphrases are not cut off.
In addition, NIST advised against arbitrary password changes, saying that passwords can be left unchanged if there is no evidence of a security breach.
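To make the difference concrete, here is an added example (not code from the article or from NIST) that puts a legacy “four character classes” rule beside a NIST-style length-first rule. The legacy policy is constructed for contrast; the blocklist is a constructed stand-in for the check against known-compromised passwords that NIST SP 800-63B requires but the article above does not mention. Normalization to NFKC and counting Unicode code points follow NIST’s guidance so that accented letters and emoji each count as one character.

```python
import unicodedata

# Legacy composition policy (constructed for contrast): at least 8 characters
# drawn from upper, lower, digit and symbol classes. This is the style of rule
# the article says NIST now discourages.
def legacy_complexity_ok(pw: str) -> bool:
    return (
        len(pw) >= 8
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() and not c.isspace() for c in pw)
    )

MIN_LEN = 8    # NIST SP 800-63B minimum for user-chosen passwords
MAX_LEN = 64   # a verifier should accept at least this many; never truncate

# Tiny blocklist, constructed for this example. NIST SP 800-63B also requires
# comparing new passwords against known-compromised and dictionary values;
# a real deployment would use a breach corpus, not four strings.
BLOCKLIST = {"password", "p@ssw0rd", "qwerty123", "letmein"}

def nist_style_check(pw: str) -> tuple[bool, str]:
    """Length-first acceptance: no composition rules, spaces and Unicode allowed."""
    pw = unicodedata.normalize("NFKC", pw)  # NIST: normalize before counting or hashing
    n = len(pw)                              # code points, so 'ï' or an emoji counts as one
    if n < MIN_LEN:
        return False, f"shorter than {MIN_LEN} characters"
    if n > MAX_LEN:
        # Reject explicitly rather than silently truncating, which would weaken
        # the password without telling the user.
        return False, f"longer than {MAX_LEN} characters"
    if pw.casefold() in BLOCKLIST:
        return False, "matches a blocklisted or compromised password"
    return True, "accepted"

def evaluate(pw: str) -> dict:
    """Return both verdicts for one candidate so they can be compared side by side."""
    ok, reason = nist_style_check(pw)
    return {"legacy": legacy_complexity_ok(pw), "nist": ok, "reason": reason}

if __name__ == "__main__":
    # Constructed samples: a complexity-rule favourite, a passphrase with spaces,
    # a passphrase with combining accents, and two length violations.
    for candidate in ["P@ssw0rd", "correct horse battery staple",
                      "nai\u0308ve cafe\u0301 passphrase", "short", "a" * 65]:
        print(f"{candidate[:32]!r:36} {evaluate(candidate)}")
```

The first sample is the point of the article in miniature: “P@ssw0rd” satisfies every legacy class requirement yet is one of the most guessed strings in breach corpora, while the 28-character passphrase fails the legacy rule and passes the length-first one.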
The organization also encouraged users to use a password manager and implement two-factor authentication when possible, as strong passwords are not enough to deter malicious attackers.
“Many password-related attacks are unaffected by password complexity and length,” NIST wrote.
“Keystroke logging, phishing and social engineering attacks are just as effective for long and complex passwords as they are for simple ones.”