Passwords used to be a secure mechanism because users had to follow a number of rules: changing the password every 90 days and meeting complexity requirements such as a minimum length, a mix of character types and no recent password reuse. As technology changes, however, so do best practices for keeping a password secure. The National Institute of Standards and Technology (NIST) has created a new set of guidelines that in some ways contradict the traditional rules of password safety.
Here are some of NIST’s controversial highlights:
To meet these guidelines, LI Tech’s advice for password optimization includes the following:
Use a long phrase that is easily remembered.
The best way to ensure you’ll remember a password is to use a Thing1&Thing2 pattern (take ButterToast, for example). Keep that “easily remembered thing combination” and adjust it in the middle to correspond to the website or company you’re using it for: ButterAToast for shopping at Amazon (“A” for Amazon).
This way, when a website eventually DOES get hacked and your password is compromised, cyber criminals could only cross-reference that password against other “A” websites, such as Apple.com.
You can also add a “special character” and a number that stay the same across sites. If a website requires a “special character” or a “number”, you’re already fulfilling that requirement: ButterT87*Toast for shopping at Target (“T” for Target, 87 for a birth year, * as the constant special character).
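To make the contrast between the traditional rules listed at the top of this post and a length-first approach concrete, here is an added example (not part of the LI Tech post) that checks a candidate password against both. The "legacy" checker encodes the 90-day rotation, character-class and reuse rules described above; the "length-first" checker follows my reading of NIST SP 800-63B (minimum of 8 characters, no composition rules, no forced rotation, rejection of anything on a compromised-password list). The compromised-password set is a constructed sample standing in for a real breach-corpus lookup.

```python
"""Added example: legacy composition/rotation rules versus a length-first policy.
Not code from the LI Tech post; the breached-password set is a constructed sample."""
import string

# Constructed stand-in for a compromised-password list. A real deployment would
# query a breach corpus instead of keeping a literal set in code.
SAMPLE_BREACHED = {"password", "123456", "qwerty", "letmein", "p@ssw0rd"}


def legacy_policy(password, days_since_change, recent_passwords=()):
    """Traditional rules: 8+ chars, three of four character classes,
    no recent reuse, rotation every 90 days. Returns a list of problems."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    if sum(classes) < 3:
        problems.append("needs at least three character classes")
    if password in recent_passwords:
        problems.append("reuses a recent password")
    if days_since_change > 90:
        problems.append("older than 90 days, rotation required")
    return problems


def length_first_policy(password, breached=SAMPLE_BREACHED):
    """Length-first rules (my reading of NIST SP 800-63B, assumption): at least
    8 characters, no upper limit imposed here, no composition or rotation rules,
    reject known-compromised values. The case-insensitive lookup is a design
    choice for this example, not something the guideline prescribes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.lower() in breached:
        problems.append("appears on the compromised-password list")
    return problems


if __name__ == "__main__":
    # "ButterToast" fails the legacy class rule but is fine under length-first;
    # "P@ssw0rd" satisfies every legacy rule yet is a well-known breached value.
    for candidate in ("ButterToast", "P@ssw0rd"):
        print(candidate, "legacy:", legacy_policy(candidate, 0),
              "length-first:", length_first_policy(candidate))
```

Run it and the long phrase from the post is accepted by the length-first checker while the legacy checker complains about character classes; the short "complex" password passes the legacy rules but is rejected because it sits on the compromised list. That reversal is the practical point of the newer guidance.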
Enable Multi-Factor Authentication whenever possible.
This should be used on any “primary email” accounts, along with other websites where a compromise could actually harm you. (Amazon should have MFA because an attacker could purchase a lot of items, whereas compromising a cooking-recipes account won’t harm you as much and shouldn’t need MFA.)
Write your passwords down! (yes, really)
Keeping a notebook you treat as sensitive, or another secure place, to track your passwords makes them VERY easy to maintain and manage. This is also very helpful for loved ones if anything ever happens to you.