New guidelines, dictated by the National Institute of Standards and Technology, upend many of the current beliefs about password security
When we think of passwords and the security of our devices, we usually picture alphanumeric codes that are hard to crack. Until now, these seemed like the most secure passwords a user could choose.
NIST, the National Institute of Standards and Technology, has issued new guidelines on the passwords users rely on to protect their accounts and electronic devices. Passwords, and their vulnerability, create several problems for users on the Net. Having your credentials stolen is one of the most likely threats on the Internet and one of the usual actions of hackers and cyber criminals. With its new report, NIST has overturned the current conception of passwords, especially those considered secure.
Contrary to what experts have pointed out over and over again, changing an account's password on a regular basis does not increase the security of our profiles and devices. On the contrary, according to the National Institute of Standards and Technology, this practice makes attacks by hackers and cyber criminals easier. In the various tests carried out, NIST found that a continuously changed password is easier to steal than one that has undergone fewer changes. This overturns a belief held by many users and is also something for businesses to consider.
NIST's research also found that a password that is very hard to interpret does not provide greater protection for devices and accounts. It is useless to create credentials made up of numbers and letters with no apparent logical link between them. Researchers also discovered that when users were forced to choose symbols or numbers, they almost always relied on the same ones. The most commonly used are the numbers 1, 2 and 3 and the exclamation point. Hackers, knowing this tendency, were often able to steal even complex passwords built from alphanumeric characters.
Block Simple Passwords
NIST therefore advised developers, businesses and individuals alike to block by default the entry of passwords that are too simple, such as "password" or "1234". The National Institute of Standards and Technology recommended creating a universal list of the most commonly used passwords and blocking them for access to social accounts and profiles. In this way, a good part of credential theft would be eliminated.
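As an added example (not code from the article, and not NIST's own), here is a small Python password-screening routine that applies the blocklist idea described above: a candidate password is rejected if it appears on a list of commonly used passwords, and no composition rules (forced digits or symbols) are imposed. The blocklist entries and the minimum length are constructed sample values, not figures from the article. The routine also goes one step beyond the text: because the article notes that users most often tack on 1, 2, 3 and the exclamation point, it strips such trailing characters before checking, so that "Password123!" is caught as a disguised "password".

```python
"""Password screening in the spirit of the guidance described above.

Constructed example: rejects passwords found on a blocklist of commonly
used passwords instead of enforcing composition rules.
"""
import re
import unicodedata

# Constructed sample blocklist. A real deployment would load a large list of
# leaked or commonly used passwords from a file rather than hard-code it.
COMMON_PASSWORDS = frozenset({
    "password", "123456", "1234", "qwerty", "letmein", "welcome",
    "admin", "iloveyou", "abc123",
})

MIN_LENGTH = 8  # assumed policy value, not taken from the article

# Trailing digits and exclamation points: the characters the article says
# users most often append when forced to add numbers or symbols.
_TRAILING_SUFFIX = re.compile(r"[0-9!]+$")


def normalize(password: str) -> str:
    """Unicode-normalize, trim whitespace and case-fold for comparison."""
    return unicodedata.normalize("NFKC", password).strip().casefold()


def base_form(password: str) -> str:
    """Remove a trailing run of digits/'!' so 'Password123!' becomes 'password'."""
    return _TRAILING_SUFFIX.sub("", normalize(password))


def check_password(password: str, blocklist=COMMON_PASSWORDS, min_length=MIN_LENGTH):
    """Return (accepted, reason) for a candidate password.

    Only a minimum length and a blocklist comparison are applied; a long
    passphrase of plain words is accepted without any required symbols.
    """
    pw = normalize(password)
    if len(pw) < min_length:
        return False, "too short"
    if pw in blocklist:
        return False, "on common-password blocklist"
    if base_form(password) in blocklist:
        return False, "common password with trailing digits/symbols"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("password", "1234", "Password123!", "correct horse battery staple"):
        print(repr(candidate), "->", check_password(candidate))
```

The comparison is done on a normalized form so that case tricks ("PassWord") and stray whitespace do not slip past the list; the length check uses the same normalized string.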
How to protect yourself
At this point the question arises: how can we protect our computer security when using passwords? NIST consistently recommends pairing the password with a second verification factor, that is, using two-factor authentication. The most recommended options are messages to the phone or a notification to a wearable. By now almost all online services offer the possibility to activate this function. With two-factor verification, creating different or complicated passwords will no longer be a problem, because without our phone no hacker will ever be able to access our data. Finally, beware of using a password manager: they are often hit by hacker attacks and risk having the opposite effect to the one desired.