End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts.
They may also choose relatively weak passwords that satisfy company password policies but can still be easily guessed or brute-forced. Users may also unknowingly pick a password for their corporate account that has already appeared in a public breach.
The National Institute of Standards and Technology (NIST) publishes a cybersecurity framework that helps organizations address common cybersecurity pitfalls in their environment, including weak, reused, and breached passwords. This post takes a closer look at the NIST password guidelines and shows how you can audit your password policies to ensure they meet the standards NIST recommends.
NIST Password Guidelines and Best Practices
Specific guidance on passwords is found in the section titled Memorized Secret Verifiers. NIST makes several recommendations regarding passwords:
- Passwords should be no less than eight characters in length
- ASCII characters, including spaces, should be accepted in passwords
- If a service provider randomly chooses passwords, these must be at least six characters in…
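As an added example, not code from the original post, the Python routine below applies the rules listed above (a minimum length that differs for user-chosen and provider-generated passwords, and acceptance of spaces and printing ASCII) together with a check against the breached passwords mentioned earlier. The breach list is a small constructed sample, and the function and constant names are assumptions of this example.

```python
import secrets
import string

MIN_USER_CHOSEN_LEN = 8   # user-chosen password
MIN_GENERATED_LEN = 6     # password randomly generated by the service provider

# Constructed sample of breached passwords; a real audit would load a corpus.
BREACHED_SAMPLE = {"password", "password1", "qwerty123", "letmein!", "summer2023"}


def is_control_char(ch: str) -> bool:
    """ASCII control characters (including DEL) are the only ASCII we reject."""
    code = ord(ch)
    return code < 0x20 or code == 0x7F


def check_password(candidate: str, generated: bool = False,
                   breached: set[str] = BREACHED_SAMPLE) -> list[str]:
    """Audit one password against the rules above.

    Returns a list of findings; an empty list means the password is acceptable.
    """
    findings: list[str] = []
    minimum = MIN_GENERATED_LEN if generated else MIN_USER_CHOSEN_LEN
    # Length is measured in characters, so a space counts like any other char.
    if len(candidate) < minimum:
        findings.append(f"too short: {len(candidate)} < {minimum}")
    # Spaces and every printing ASCII character are allowed; only controls fail.
    if any(is_control_char(ch) for ch in candidate):
        findings.append("contains control characters")
    # Reject anything already present in the breached-password corpus.
    if candidate in breached:
        findings.append("found in breached-password corpus")
    return findings


def generate_password(length: int = MIN_GENERATED_LEN) -> str:
    """Provider-generated password drawn with a CSPRNG from ASCII letters and digits."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

Running `check_password` over an export of current passwords (or their candidates at change time) gives a per-account list of findings that can be rolled up into an audit report.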