The National Institute of Standards and Technology (NIST) has updated its Digital Identity Guidelines (see NIST Special Publication 800-63B). The guidelines include a variety of recommendations that can (and often should) be implemented to improve the security of your network.
One of the things that this update covers is two-factor authentication, which we went over recently. We recommend using it whenever reasonably possible.
The guidelines suggest a minimum of 8 characters for passwords, but they encourage much longer passwords of 64 characters (within reason), and they say that Unicode, special characters, and spaces should be allowed in passwords. While spaces don't necessarily add to password complexity, allowing them helps people start using passphrases instead of passwords (there is a difference). Passphrases are in general much harder to break with automated brute-force techniques, yet they are easier for users to remember.
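The following length check is an added example, not code from NIST or from this post; the function names and the choice to treat 64 as a hard upper limit are assumptions made for illustration. It counts Unicode code points rather than bytes and applies NFKC normalization, which SP 800-63B recommends for Unicode passwords before hashing, so that the same passphrase typed on different keyboards compares equal.

```python
import unicodedata

MIN_LENGTH = 8   # minimum length from the guidance above
MAX_LENGTH = 64  # assumed cap for this example; a verifier may allow more


def normalize(password: str) -> str:
    """NFKC-normalize so composed and decomposed forms of a character match."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str) -> tuple[bool, str]:
    """Length-only policy: spaces, symbols and Unicode are all accepted.

    Length is measured in code points after normalization (a choice made
    for this example), never in encoded bytes.
    """
    length = len(normalize(password))  # len() of a str counts code points
    if length < MIN_LENGTH:
        return False, f"too short: {length} characters, minimum is {MIN_LENGTH}"
    if length > MAX_LENGTH:
        return False, f"too long: {length} characters, maximum is {MAX_LENGTH}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = [
        "correct horse battery staple",  # passphrase with spaces
        "pässwörd",                      # 8 code points, 10 UTF-8 bytes
        "日本語パス",                     # 5 code points, 15 UTF-8 bytes
        "x" * 65,                        # one over the assumed cap
    ]
    for sample in samples:
        ok, reason = check_password(sample)
        size = len(sample.encode("utf-8"))
        print(f"{sample[:30]!r:34} bytes={size:<3} accepted={ok} ({reason})")

    # The same word typed as 'e' + combining accent or as precomposed 'é'
    # must produce the same string before it is hashed and stored.
    print(normalize("cafe\u0301 au lait") == normalize("caf\u00e9 au lait"))
```

A check that measures encoded bytes would accept the 15-byte, 5-character sample and would reject some long non-ASCII passphrases that are within the limit.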
Long story short, make sure your password policies are kept up to date and that they are secure. Contact us for more information on running a network assessment on your environment to see how your policy is set up (among many other items that we look for).