G DATA security expert Tim Berghoff explains the NIST recommendation in his latest blog article.
Password rules are a regular source of frustration in many businesses. Employees are forced to change their passwords on a regular basis, and each new password must comply with certain rules. For instance, a password must be of a certain length and contain lower and upper case characters, special characters, and digits. The point of those rules was to prevent people from using trivial and easy-to-guess passwords. These well-meaning rules have given rise to passwords such as “P@$$w0rd”. While it meets all required criteria, it is often replaced with an iteration a few weeks down the line, because people like to make life easy for themselves. The new password then is “P@$$w0rd2”. A couple of weeks later, it is “P@$$w0rd3”, and so forth. From an attacker’s point of view, though, those passwords are easy to crack using specialized software and hardware. The latest password security recommendations from NIST aim to solve this conundrum and make this type of password a thing of the past. G DATA security expert Tim Berghoff explains some of the details from the NIST recommendation in his latest blog article.
The article is available on the G DATA Security Blog.