The US-based National Institute of Standards and Technology (NIST) is a government agency, producing guidelines that Australia’s own Australian Securities and Investments Commission (ASIC) tends to recommend.
Of importance in 2017 are the NIST password recommendations. The salient point is below:
What does this means for password selecting?
- Make it random
But random passwords are hard to remember!
And here’s the trick
Good password examples:
- BananasAndChicken-Yum$ – it’s 22 characters long
- MyKidsDontLetMeSleep:( – also 22 characters
- [email protected] – 25 characters
NIST recommends:
Go for password length & pass phrases
- a minimum of 16 characters
- make sure your password hints aren’t guessable
- No single or permutations of dictionary words i.e. password or passw0rd
Passwords to change only when forgotten
- Providing they are long & hard to guess
Use a password manager
- Do your own due diligence to select a provider
Use Multi-factor Authentication (MFA)
- Except for SMS which is not secure
Need help with any of this? Just call us!
