Passwords – New Simplified Rules

Small business and IT executives should update their password methodologies to incorporate the latest NIST thinking.


The National Institute of Standards and Technology’s (NIST) thorough rewrite of password standards turns some basic rules upside down.

Since 2003 users have had to memorize strange combinations of letters, numbers and special characters that were supposed to be changed periodically. The new standards revoke all that and suggest using long, easy-to-remember phrases with no forced change interval. For most companies and users the new standards should be employed as soon as possible.

The conventions we currently use for passwords were created in 2003 by a mid-level manager at NIST and were first published in an eight-page primer called “NIST Special Publication 800-63, Appendix A”.

This document has been accepted as gospel around the world as the correct way to address password creation, naming conventions, and change frequency. Whatever variant your firm works with today, odds are it is a derivative of the original guidelines. Unfortunately, the author of the guidelines had no empirical data to work with – no one would share their password information.

Go figure.

So he created the standards based on a whitepaper written in the mid-1980s, when computer access and passwords were limited to the few technically savvy individuals in academia, big business, and government.

In June of this year the Special Publication got a total rewrite, discarding key commandments that audit and security personnel take as an article of faith. The good news is that the new rules are easier to live with than the original set. The new Digital Identity Guidelines can be found at

What Are the Key Changes?

There are two key changes to the rules: hard-to-remember alphanumeric combinations with (or without) special characters have been replaced by long, easy-to-remember phrases, and password expiration advice has been dropped.
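To make the two changes concrete, here is an added example (not code from the article or from NIST) that puts a 2003-style composition-and-expiry check beside a check written in the spirit of the rewritten guidance (NIST SP 800-63B's memorized-secret section): judge a password by length, accept spaces and Unicode, compare it against a blocklist of known weak or breached values, and require a change only on evidence of compromise rather than on a calendar. The blocklist, the 90-day interval in the old policy and the sample passwords are constructed for the demonstration.

```python
"""Old composition rules beside a length-and-blocklist check (added example)."""
import re
import unicodedata

# Constructed stand-in for a real breached/common-password blocklist.
BLOCKLIST = {"password", "password1", "qwerty123", "letmein", "tr0ub4dor&3"}

# Character classes the 2003-era composition rules counted.
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")


def old_policy_check(password: str, days_since_change: int) -> list[str]:
    """2003-style rules: 8+ characters, three character classes, 90-day expiry."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes_present = sum(bool(re.search(p, password)) for p in CLASSES)
    if classes_present < 3:
        problems.append("needs 3 of: lower, upper, digit, special")
    if days_since_change > 90:
        problems.append("expired: must be changed every 90 days")
    return problems


def new_policy_check(password: str, known_compromised: bool = False) -> list[str]:
    """Rules in the spirit of SP 800-63B: length and a blocklist, no composition, no clock."""
    problems = []
    # SP 800-63B asks verifiers to Unicode-normalize (NFKC or NFKD) before checking.
    normalized = unicodedata.normalize("NFKC", password)
    if len(normalized) < 8:
        problems.append("shorter than 8 characters")
    if len(normalized) > 64:  # verifiers are expected to accept at least 64 characters
        problems.append("longer than 64 characters")
    # Case-insensitive blocklist comparison so trivial variants of a listed value are caught.
    if normalized.lower() in BLOCKLIST:
        problems.append("appears on the weak/breached password blocklist")
    # Spaces are deliberately allowed; nothing here demands digits or symbols.
    if known_compromised:
        problems.append("change required: evidence of compromise")
    return problems


if __name__ == "__main__":
    passphrase = "correct horse battery staple"
    jumble = "Tr0ub4dor&3"
    print("old policy on the passphrase:", old_policy_check(passphrase, 30))
    print("old policy on the jumble after 152 days:", old_policy_check(jumble, 152))
    print("new policy on the passphrase:", new_policy_check(passphrase))
    print("new policy on the jumble:", new_policy_check(jumble))
```

Run stand-alone, the script shows the inversion the article describes: the old check rejects the four-word passphrase for lacking character classes and accepts the jumble until the calendar expires it, while the new check accepts the passphrase and rejects the jumble only because it sits on the blocklist.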

According to academics who study passwords, a series of four words can be harder to break than a shorter meaningless jumble of characters. To that point, cartoonist Randall Munroe calculated that it would take 550 years to crack the password “correct horse battery staple”, whereas the password Tr0ub4dor&3 could be cracked in 3 days.

Computer security specialists have verified his calculations (please see the cartoon on the next page).
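The arithmetic behind the two figures is short enough to reproduce. The following is an added example, not code from the article or from the cartoon's author; its modelling assumptions are the cartoon's: a guessing rate of 1,000 guesses per second, a passphrase of four words drawn from a 2,048-word list (11 bits per word, 44 bits in total), and a Tr0ub4dor&3-style password built from an uncommon base word (about 16 bits) plus capitalisation, common substitutions, a numeral and a punctuation mark (1, 3, 3 and 4 bits), with the numeral/punctuation order adding 1 bit, for 28 bits. The 10^10 guesses-per-second rate in the second comparison is a constructed figure for offline guessing against a fast hash, included to show how much the absolute numbers depend on that one assumption.

```python
"""Guess-space arithmetic behind the cartoon's 550 years vs 3 days (added example)."""
import math

SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY
ONLINE_RATE = 1_000             # the cartoon's rate: throttled online guessing
OFFLINE_RATE = 10_000_000_000   # constructed: offline guessing against a fast unsalted hash


def passphrase_bits(word_count: int, dictionary_size: int) -> float:
    """Entropy of word_count words chosen uniformly from a dictionary_size-word list."""
    return word_count * math.log2(dictionary_size)


def troubadour_bits() -> float:
    """Entropy of the Tr0ub4dor&3 recipe, component by component, as the cartoon counts it."""
    components = {
        "uncommon base word": 16,
        "capitalisation": 1,
        "common substitutions": 3,
        "numeral": 3,
        "punctuation": 4,
        "numeral/punctuation order": 1,
    }
    return float(sum(components.values()))


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst case: time to try every candidate in a space of 2**bits guesses."""
    return 2 ** bits / guesses_per_second


def days_to_exhaust(bits: float, guesses_per_second: float) -> float:
    return seconds_to_exhaust(bits, guesses_per_second) / SECONDS_PER_DAY


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    return seconds_to_exhaust(bits, guesses_per_second) / SECONDS_PER_YEAR


def compare(guesses_per_second: float) -> dict[str, float]:
    """Both schemes at one guessing rate: passphrase in years, jumble in days."""
    return {
        "passphrase_years": years_to_exhaust(passphrase_bits(4, 2048), guesses_per_second),
        "jumble_days": days_to_exhaust(troubadour_bits(), guesses_per_second),
    }


if __name__ == "__main__":
    print(f"passphrase: {passphrase_bits(4, 2048):.0f} bits, jumble: {troubadour_bits():.0f} bits")
    online = compare(ONLINE_RATE)
    print(f"at {ONLINE_RATE:,} guesses/s: passphrase {online['passphrase_years']:.0f} years, "
          f"jumble {online['jumble_days']:.1f} days")
    offline = compare(OFFLINE_RATE)
    print(f"at {OFFLINE_RATE:,} guesses/s: passphrase {offline['passphrase_years'] * SECONDS_PER_YEAR / 60:.0f} minutes, "
          f"jumble {offline['jumble_days'] * SECONDS_PER_DAY:.3f} seconds")
    print(f"a fifth word adds {passphrase_bits(5, 2048) - passphrase_bits(4, 2048):.0f} bits")
```

The gap between the two schemes comes entirely from the 16-bit difference (2^16 is about 65,000 times more guesses); the absolute times come from the guessing rate. At the cartoon's throttled rate the passphrase lasts centuries, but against a fast hash that an attacker can run offline the same 44 bits fall in under half an hour, which is why the rewritten guidance pairs longer secrets with rate limiting and a deliberately slow, salted password hash on the verifier side.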
