Today’s Password Security Recommendations from the Experts

Today’s Password Security Recommendations from the Experts

Every couple of years, the National Institute of Standards and Technology (NIST) issues their own guidelines and recommendations regarding password security. The NIST is a non-regulatory federal agency, and their password guidelines are not mandatory to follow, but they are generally considered to be a reasonable standard for password security around the entire globe. However, some security and cyber liability insurance experts argue that even the most “secure” passwords are no match for today’s cyber threats. Let’s take a look at the most recent NIST password guidelines and well as some security recommendations that don’t involve passwords at all.

The NIST recommends:

  • Removing periodic password change requirements. Multiple studies have been released that show that the requirement of frequent password changes can actually be counterproductive to good password security.
  • Stop with arbitrary password complexity requirements. Just like with frequent password changes, the need for mixtures of upper case letters, symbols and numbers may not be any more secure than a simple password.
  • Require screening of new passwords against lists of commonly used or compromised passwords. This is an interesting suggestion that claims that one of the best ways to strengthen a user’s password is to screen it against lists of dictionary passwords and known compromised passwords.

Security experts agree that removing password change requirements and arbitrary complexity requirements are good recommendations, but they actually take it one step further and recommend removing passwords entirely. In 2004, Bill Gates, CEO of Microsoft at the time, predicted that passwords would become obsolete, stating, “there is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”

In line with Gates’ prediction, Microsoft has almost entirely phased out passwords for employees and is hoping to eliminate them completely. Instead, Microsoft employees can use alternative verification options such as facial recognition and fingerprints. Other tech giants are also joining the trend, both for their employees and also to help consumers reduce their dependence on them. Google, for example, has been testing alternatives like USB key fobs which plug into computers and provide a second factor of authentication. According to the company, the key fob reduced the number of successful phishing attacks carried out against its employees.

With passwords being one of the most commonly stolen pieces of data by cybercriminals, it’s no surprise that new security efforts are being made to eliminate them completely. Proper confirmation of identity in digital transactions is one of the biggest cybersecurity challenges for organizations to overcome. Hopefully, by phasing out passwords and relying on methods that are less easy to replicate, businesses can protect themselves, their employees and their clients from having their data compromised by cybercriminals.


About Connected Risk Solutions

At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (877) 890-9301.

About Connected Risk Solutions

At Connected Risk Solutions, we provide our agent partners with bold solutions for comprehensive insurance and risk management that are unmatched in the industry. We have market connections and collective decades of industry experience, including deep specialization in healthcare liability and managed care E&O, cyber and tech liability, management and professional liability, as well as captive management and risk management. We strive to develop creative solutions no other wholesaler can match and to help our agent partners give their clients the ability to achieve continued growth while simultaneously protecting against loss.

Our specialists, located in offices throughout the country, are responsive and engaged. To learn more, connect with us.

Table of Contents

Related Posts:
Healthcare Reform and Its Impact on the Insurance Industry
The healthcare landscape is continually changing, and healthcare reform is a critical driver of change....
Looking at the Advancements in Senior Care
Senior care has undergone some extraneous advancements, and there are budding reasons for optimism. Now,...
The Latest About Healthcare Staffing
The healthcare staffing industry is going through some changes as things fluctuate on the backend of...