Password Guidelines

The National Institute of Standards and Technology (NIST) updated its password guidelines in June of 2017. The major changes move away from the old-school way of thinking about passwords. Passwords need to be user friendly so users can remember them. A minimum of 8 characters and a maximum of 64 characters should be set. Emojis should be allowed. A banned-password dictionary list, or blacklist, should be implemented, and newly created passwords should be checked against the dictionary. Two-factor authentication should be implemented.

Four best practices users should follow when creating passwords are:

  1. Use a mixture of characters and numbers.
  2. Use capital and lowercase letters.
  3. Use a long password.
  4. Do not use a password manager application to store passwords.

Three examples of poor passwords are:

  1. qwerty
  2. fido
  3. 12345
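
The length, emoji and banned-list rules from the first paragraph can be enforced at password creation time with a check like the following. This is an added example, not code from NIST or from the original page. The blocklist contents, the NFKC normalization step, counting length in Unicode code points, and case-insensitive blocklist matching are assumptions made for the example.

```python
import unicodedata

MIN_LEN = 8    # minimum length stated in the guidelines above
MAX_LEN = 64   # maximum length stated in the guidelines above

# Constructed sample blocklist: the three poor passwords listed above plus
# two made-up entries that are long enough to pass the length check.
BANNED = {"qwerty", "fido", "12345", "password1", "iloveyou123"}


def normalize(password):
    """NFKC-normalize so look-alike encodings of the same text compare equal."""
    return unicodedata.normalize("NFKC", password)


def check_password(password, banned=BANNED):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    pw = normalize(password)
    # len() on a str counts Unicode code points, so a single-code-point emoji
    # counts as one character rather than as its UTF-8 byte length.
    n = len(pw)
    if n < MIN_LEN:
        problems.append(f"too short: {n} < {MIN_LEN}")
    if n > MAX_LEN:
        problems.append(f"too long: {n} > {MAX_LEN}")
    # Assumption: blocklist matching ignores case, so "PassWord1" is caught.
    if pw.casefold() in {normalize(b).casefold() for b in banned}:
        problems.append("found in banned password list")
    return problems


if __name__ == "__main__":
    samples = ["qwerty", "PassWord1", "correct horse \U0001F40E battery", "x" * 65]
    for sample in samples:
        print(repr(sample[:30]), check_password(sample) or "accepted")
```

No composition rules (digits, mixed case) are enforced here; the check covers only the length bounds, emoji acceptance and banned-list lookup.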