Alert Priority HIGH: New guidelines for creating strong passwords

Want create site? Find Free WordPress Themes and plugins.

23 August 2017

New guidelines for creating strong passwords

The US National Institute of Standards and Technology (NIST) has issued new guidelines for password security that turn accepted wisdom about creating long strings of  letters, numbers and symbols on its head.

Details

NIST, a non-regulatory federal agency within the US Department of Commerce, issued the original advice in 2003 that became the global standard for password security. But it now says the advice led people to create predictably ‘complex’ passwords in a bid to remember them, which made them more vulnerable to hackers.

A former ­­­employee who has since retired said there just wasn’t enough real-word data available at the time.

Staying safe

Key changes in NIST’s new digital identity guidelines include:

  • Don’t arbitrarily mix letters, numbers and symbols to make a password. Instead, create passwords that are more memorable.
  • Single dictionary words, the user’s street address or numeric sequences such as 1234567 should be banned.
  • Organisations should screen the strength of their passwords against those used in cybercriminal dictionary attacks; a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password.
  • Stop frequently changing passwords, for example each month, as it leads to poor passwords being created.

More information

Stay Smart Online has more information on how to create strong passwords for individuals and business.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Feedback
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

Disclaimer
This information has been prepared by the Attorney General’s Department (‘the Department’). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

 

© 2017 Australian Government. All rights reserved

 

Did you find apk for android? You can find new Free Android Games and apps.
  • FREE Business Websites are almost here...! NO CATCH, NO OBLIGATION, NO RISK, SIMPLE to BUILD!
  • Get your community group noticed with a FREE website, completely free... Sign up HERE
  • Got a local event? List it FREE for everyone to see, no registration required! Check it out today!