Today’s Password Security Recommendations from the Experts

Every couple of years, the National Institute of Standards and Technology (NIST) issues its own guidelines and recommendations regarding password security. NIST is a non-regulatory federal agency, and its password guidelines are not mandatory to follow, but they are generally considered to be a reasonable standard for password security around the entire globe. However, some security and cyber liability insurance experts argue that even the most “secure” passwords are no match for today’s cyber threats. Let’s take a look at the most recent NIST password guidelines as well as some security recommendations that don’t involve passwords at all.

The NIST recommends:

  • Removing periodic password change requirements. Multiple studies have shown that requiring frequent password changes can actually be counterproductive to good password security.
  • Stopping arbitrary password complexity requirements. Just like with frequent password changes, requiring mixtures of upper case letters, symbols and numbers may not make a password any more secure than a simple password.
  • Requiring screening of new passwords against lists of commonly used or compromised passwords. This is an interesting suggestion that claims that one of the best ways to strengthen a user’s password is to screen it against lists of dictionary passwords and known compromised passwords.
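
As an added illustration of the screening recommendation (this example is not from NIST or from the original article), the Python sketch below checks a newly chosen password against a common-password list and a list of breached-password hashes. The sample lists, the `SHA1HEX:count` line layout and the function names are assumptions constructed for the example.

```python
import hashlib
import unicodedata

def sha1_hex(text: str) -> str:
    # SHA-1 serves only as a lookup key into a breach list here;
    # it is never used to store passwords.
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

# Constructed sample data for illustration (not a real breach corpus).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}
BREACH_LINES = [
    f"{sha1_hex('P@ssw0rd')}:98012",
    f"{sha1_hex('Summer2023!')}:4521",
    "not-a-valid-line",  # malformed row, skipped by the parser
]

def load_breach_index(lines):
    """Parse 'SHA1HEX:count' lines into {hash: count}, skipping malformed rows."""
    index = {}
    for line in lines:
        digest, sep, count = line.strip().partition(":")
        if sep and len(digest) == 40 and count.isdigit():
            index[digest.upper()] = int(count)
    return index

def screen_password(candidate, common=COMMON_PASSWORDS, breach_index=None):
    """Return (accepted, reason) for a newly chosen password."""
    if breach_index is None:
        breach_index = load_breach_index(BREACH_LINES)
    # Normalize so visually identical Unicode variants compare equal.
    normalized = unicodedata.normalize("NFKC", candidate)
    # Common-password check ignores letter case.
    if normalized.casefold() in common:
        return False, "commonly used password"
    seen = breach_index.get(sha1_hex(normalized), 0)
    if seen:
        return False, f"found in compromised list ({seen} occurrences)"
    return True, "not found in screening lists"

if __name__ == "__main__":
    for pw in ["Password", "P@ssw0rd", "correct horse battery staple"]:
        print(repr(pw), screen_password(pw))
```

With this constructed data, `P@ssw0rd` satisfies a typical upper/lower/digit/symbol rule yet is rejected as compromised, while a long plain passphrase passes.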

Security experts agree that removing password change requirements and arbitrary complexity requirements are good recommendations, but they actually take it one step further and recommend removing passwords entirely. In 2004, Bill Gates, CEO of Microsoft at the time, predicted that passwords would become obsolete, stating, “there is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”

In line with Gates’ prediction, Microsoft has almost entirely phased out passwords for employees and is hoping to eliminate them completely. Instead, Microsoft employees can use alternative verification options such as facial recognition and fingerprints. Other tech giants are also joining the trend, both for their employees and to help consumers reduce their dependence on passwords. Google, for example, has been testing alternatives like USB key fobs which plug into computers and provide a second factor of authentication. According to the company, the key fob reduced the number of successful phishing attacks carried out against its employees.

With passwords being one of the most commonly stolen pieces of data by cybercriminals, it’s no surprise that new security efforts are being made to eliminate them completely. Proper confirmation of identity in digital transactions is one of the biggest cybersecurity challenges for organizations to overcome. Hopefully, by phasing out passwords and relying on methods that are less easy to replicate, businesses can protect themselves, their employees and their clients from having their data compromised by cybercriminals.


About Connected Risk Solutions

At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (877) 890-9301.

At Connected Risk Solutions, we provide our agent partners with bold solutions for comprehensive insurance and risk management that are unmatched in the industry. We have market connections and collective decades of industry experience, including deep specialization in healthcare liability and managed care E&O, cyber and tech liability, management and professional liability, as well as captive management and risk management. We strive to develop creative solutions no other wholesaler can match and to help our agent partners give their clients the ability to achieve continued growth while simultaneously protecting against loss.

Our specialists, located in offices throughout the country, are responsive and engaged. To learn more, connect with us.
