IT Master Services, Sparks Nevada - Your Information Technology Pros
Office Phone: (775) 287-0770

Password Guidelines

What You Need to Know


What is the Industry Standard for Passwords?

As you can imagine, passwords are always a hot topic of discussion both in and out of computer security circles. IT Master Services understands that users have always hated being forced to come up with schemes to meet the complexity rules or change their password at defined intervals. The multitude of past password requirements frustrated users and led to bad behaviors, which time after time led to compromised passwords and resulting data breaches.

We summarize the most important parts of NIST's password advice below. It ranges from obvious rules such as uniqueness requirements to password complexity requirements. It's a solid basis on which to build a password security policy.

What is the Industry Standard for Password Policy?

  • Minimum password length is 8 characters.
  • Password must meet complexity requirements. Password should contain all of the following character types:
    • a lower case letter ( a b c d ...)
    • an upper case letter ( A B C D ...)
    • a number ( 0 1 2 3 4 5 6 7 8 9 )
    • a special character ( = + * $ ? ) ( ! , . @ )
  • Do not use password hints
  • Randomly generate your passwords – a randomly generated password is unlikely to be in a password dictionary and will be difficult to guess. You have plenty of options to randomly generate a password, think org or even Norton’s website.
  • Use two-factor authentication (2FA) whenever you can – there is an almost unlimited number of ways in which passwords can be hacked. However, with 2FA, even if a password is hacked, a hacker cannot enter an account without the second authentication factor. This could be biometric data, a key fob or something like Google’s Authenticator.

How do you avoid being a victim?

Here are some examples of good and bad passwords

Here are some examples of good complex passwords. These will meet the password complexity requirements of even the most stringent of security policies.

Examples of passwords you should NOT use include:

  • Password12
  • ILikeTurtles77
  • KickRocks22
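
The policy list and the bad examples above, expressed as code. This is an added illustration, not IT Master Services' own tooling; the function names `policy_failures` and `generate_password` are hypothetical, and it assumes any ASCII punctuation counts as a special character (the page lists = + * $ ? ! , . @ as examples).

```python
import secrets
import string

MIN_LENGTH = 8  # minimum length from the policy list above

# The four required character classes. Assumption: "special" means any ASCII
# punctuation, a superset of the examples shown on the page.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def policy_failures(password):
    """Return the names of the rules the password breaks (empty list = compliant)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append(name)
    return failures


def generate_password(length=16):
    """Randomly generate a password that contains every required character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(c) for c in CLASSES.values()]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # The three passwords the page says not to use.
    for pw in ("Password12", "ILikeTurtles77", "KickRocks22"):
        print(f"{pw}: fails {policy_failures(pw)}")
    new_pw = generate_password()
    print(f"{new_pw}: fails {policy_failures(new_pw)}")
```

All three listed passwords fail only the special-character rule. Passing the check shows the character-class rules are met, not that a password is absent from a password dictionary, which is why the generator draws every character at random.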