Have you finally cracked the password security code?
a recent updates to password best practices A study by the National Institute of Standards and Technology found that longer login credentials do indeed improve account security than shorter, more complex login credentials. But that's not all.
Previously, sites required complex passwords that included a combination of alphanumeric characters and symbols.
Still, NIST found that “the benefits of such rules are not as great as originally thought” and that they place a “significant” burden on users' memory.
“Humans are limited in their ability to memorize complex and arbitrary secrets, so they often choose passwords that are easy to guess,” NIST said in the report, adding, “Instead, online services “We are introducing rules to increase the complexity of the system,” he added. password. ”
These rules can frustrate users, and as a result, people often counterproductively circumvent these restrictions by using easily guessed passwords that can make them vulnerable to hacking. there is”.
Rather than forcing users to memorize a jumble of letters, numbers, and symbols, the organization says length is the “key factor that characterizes a password's strength.”
The agency says a 64-character password provides maximum security for your account, with a minimum length of eight characters.
Additionally, NIST recommended against arbitrary password changes, stating that passwords should not be changed unless there is evidence of a security breach.
We also recommended that users use password managers and implement two-factor authentication when possible, as strong passwords alone are not enough to thwart malicious attackers.
“Many attacks related to the use of passwords are not sensitive to password complexity or length,” NIST writes.
“Keystroke logging, phishing, and social engineering attacks are just as effective against long, complex passwords as they are against simple passwords.”
