Skip to the main content.

blog-img-4

Managed IT Services

Responsive and innovative managed IT services to support your business and drive growth.

Learn More

 

IT Services

Responsive technical services to support your business and drive growth.

Professional Services

Leverage our team's deep experience to drive key business outcomes and transform your business.

Productivity

Supercharge your productivity and drive collaboration for employees, clients, and vendors.

Infrastructure

High performance cloud and network solutions to accelerate your business.

nav-img-0002

Events

Join our team for our insightful
online and in-person events.

Resource Library

Dive into our growing content library and learn how we partner with clients to achieve success.

Industries

Learn how we partner with clients in key verticals to solve challenges and drive growth.

Quest logo

Request support, track orders, and access self-help on our advanced online platform.

Client Portal

cus-img

Chat with a Solutions Specialist to learn about our IT services and solutions.

Get Started

NIST’s New Password Guidelines

 
NIST’s New Password Guidelines

The National Institute of Standards and Technology (NIST), the federal agency responsible for setting technology standards, has proposed significant changes to password policies. These changes include ending mandatory password resets, restricting the use of certain characters, and discontinuing security questions.

Creating strong, secure passwords and managing them effectively is one of the most challenging aspects of cybersecurity. This task becomes even more complicated with the password rules enforced by employers, federal agencies, and online service providers. 

NIST has published the second public draft of its updated Digital Identity Guidelines, known as SP 800-63-4. This comprehensive document outlines both the mandatory technical requirements and recommended best practices for authenticating digital identities. Any organization that deals with the federal government online must comply with these standards.

Key Changes in Password Policies

The following changes aim to simplify password management while enhancing security:

  1. Elimination of Mandatory Password Resets: Users are no longer required to change their passwords periodically unless there is evidence of a security compromise.
  2. Character Composition Rules: Verifiers and credential service providers (CSPs) must not impose specific character composition rules, such as requiring a mix of character types.
  3. Password Length: Passwords must be at least eight characters long, with a recommendation of a minimum of 15 characters.
  4. Password Length Flexibility: Systems should allow passwords up to 64 characters in length.
  5. Character Inclusion: All printable ASCII characters, including spaces, should be allowed in passwords. Unicode characters are also permitted, with each character counted as one unit for password length purposes.
  6. Password Truncation: Password truncation is not allowed; the full password must be verified.
  7. Password Hints: Systems must not offer password hints accessible to unauthorized users.
  8. Knowledge-Based Authentication: The use of knowledge-based authentication methods, such as security questions, is discouraged.

These updates aim to simplify password management while enhancing security, making it easier for users to maintain strong, secure passwords without unnecessary complexity.

Want to Learn How Sourcepass Can Help You with Compliance?

With expert guidance and deep technical expertise, Sourcepass can help ensure data security and mitigate legal and financial risks, helping clients avoid penalties and protect sensitive information. 

Contact Sourcepass today to learn more about how our comprehensive cybersecurity services can help safeguard your business.