The National Institute of Standards and Technology (NIST) once said that a good password consisted of three things: upper- and lowercase letter, numbers, and symbols. However, the NIST recently reversed its stance on good passwords. Here’s why and what they are now recommending.
The problem
The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people create weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”
Such a password may seem secure, but the strings of characters and numbers could easily be compromised by hackers using common algorithms.
What’s more, the NIST also recommended that people change their passwords regularly, but did not specify how and when to change them. Since many people thought their passwords were already secure because they’ve included special characters in them, most only added or changed one character.
The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.
Eventually, the institution admitted that this can cause more problems than solutions. It has reversed its stance on organizational password management requirements, and is now recommending banishing forced periodic password changes and getting rid of complexity requirements.
The solution
Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication in login policies.
This requires a user to present two valid credentials aside from a password to gain access to an account. This could be a code sent to the account owner’s smartphone, a login prompt on a mobile device, or a facial or a fingerprint scan. This way, hackers’ login efforts are futile unless they fulfill the succeeding security requirements.
Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. As for the frequency of changing passphrases, it will depend on a company’s risk tolerance.
Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to crack.
You should also enforce the following security solutions within your company:
- Single sign-on – allows users to securely access multiple accounts with one set of credentials
- Account monitoring tools – recognizes suspicious activity and locks out hackers
When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.
What South Florida Businesses Should Know About Password Security
Managing password security effectively is critical for any South Florida business. At Nextek IT, we help companies across Broward, Miami-Dade, and Palm Beach counties implement the right solutions — so you can focus on growing your business instead of fighting technology problems.
- Local expertise: Our team understands the unique IT challenges facing South Florida businesses, from hurricane preparedness to compliance requirements.
- Proactive approach: We don’t wait for problems to find you — our managed IT services monitor, protect, and optimize your environment 24/7.
- Compliance-ready: Whether you’re subject to HIPAA, PCI-DSS, or other regulations, Nextek IT keeps your systems audit-ready.
- Flat-rate pricing: No surprise invoices — just predictable monthly IT costs that scale with your business.
Ready to take the next step? Contact Nextek IT for a free IT assessment, or learn more about our Managed IT Services and Cybersecurity Solutions.
Password security: South Florida Business Takeaways
Password security is important for South Florida businesses that rely on secure systems, dependable cloud tools, responsive support, and practical IT planning. Nextek IT helps local teams make Password security part of a managed technology standard instead of a one-time fix.
Security and compliance work best when policies, monitoring, training, and response steps are aligned before a problem occurs. For growing companies, that means documenting settings, reviewing user access, checking backups, and giving employees a clear support path.
- Review how Password security affects users, devices, cloud apps, and security controls.
- Confirm policies, backups, and support steps before a small issue becomes downtime.
- Schedule recurring technology reviews so improvements stay current as the business changes.
For help with Password security, explore Nextek IT’s fully managed IT services, server and desktop support, and cybersecurity services.
Contact Nextek IT when your South Florida team wants Password security handled by a responsive IT support partner.