NIST also provides insight into additional password best practices:
- Check passwords against breached password lists
- Block passwords contained in password dictionaries
- Prevent the use of repetitive or incremental passwords
- Avoid context-specific words as passwords
How do I remember a 15-character password?
We get this question all of the time when speaking with our clients about good password hygiene. Our reply is simple: you cannot remember multiple 15-character complex passwords. It is for this reason that we recommend small businesses adopt password management tools. With a password manager you no longer have to remember your credentials, and its built-in generator can produce a new secure password whenever one is required.
No password manager?
If your organization has not yet adopted a password manager, users will have to generate their own passwords. Here are some tips to create a strong password:
- Avoid using incremental or decremental sequences of numbers or letters
- Use 3 or 4 character types (e.g. uppercase letters, lowercase letters, numbers, symbols)
- Use a combination of letters, numbers and symbols
- Do not include your birth year or date in your passwords
- Combine different random words in your password or passphrase
- Do not use names or words found in the dictionary
- Do not reuse your passwords
In a non-multifactor authentication environment:
- Password expiry every 90 days
- Account lockout after 5 attempts
- Automatically suspend the account after 45 days without a valid login
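The NIST checks listed above (breached lists, dictionary words, repetitive or incremental runs, context-specific words) together with the strong-password tips (15 characters, 3 of 4 character types, no birth year) as a small Python validator. This is an added example, not Nucleus's tooling; the BREACHED and DICTIONARY sets are constructed stand-ins for the real lists a deployment would load.

```python
import re
import string

# Constructed stand-ins for a breached-password feed and a word list;
# a real deployment loads the full corpora instead.
BREACHED = {"welcome2theteam!!", "summer2024summer"}
DICTIONARY = {"password", "welcome", "nucleus", "dragon", "monkey", "summer"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def char_classes(pw):
    """Count how many of the four character types appear in pw."""
    return sum(any(c in cls for c in pw) for cls in CLASSES)

def has_run(pw, length=4):
    """True for repeated ('aaaa') or incremental/decremental ('abcd', '4321') runs."""
    low = pw.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def is_dictionary_word(pw):
    """True if pw is a single dictionary word once digits/symbols are stripped."""
    core = re.sub(r"[^a-z]", "", pw.lower())
    return core in DICTIONARY

def check_password(pw, username="", context_words=(), birth_year=None):
    """Return the list of rules pw breaks; an empty list means it passed."""
    problems = []
    low = pw.lower()
    if len(pw) < 15:
        problems.append("shorter than 15 characters")
    if char_classes(pw) < 3:
        problems.append("fewer than 3 character types")
    if low in BREACHED:
        problems.append("found in breached-password list")
    if is_dictionary_word(pw):
        problems.append("is a dictionary word")
    if has_run(pw):
        problems.append("contains repeated or sequential characters")
    if any(w and w.lower() in low for w in (username, *context_words)):
        problems.append("contains a username or context-specific word")
    if birth_year and str(birth_year) in pw:
        problems.append("contains birth year")
    return problems
```

A passphrase of random words such as `Tr4in-Garden-Lamp77` passes every check, while `Password1234!!!` is rejected even though it meets the length and character-type rules.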
To learn more about the NIST guidelines, Nucleus best practices or password complexity in general, contact us.