Close desktop login portal

Client Login

Select one of the portals below and login with your credentials

Technology Solutions

Richey May Technology Solutions provides the full spectrum of transformative solutions for your business.

Learn More

Business Advisory

Specializing in Mergers & Acquisitions, management reporting and operational improvements for you business.

Learn More

Technology Solutions

Richey May Technology Solutions provides the full spectrum of transformative solutions for your business.

Learn More

Business Advisory

Specializing in Mergers & Acquisitions, management reporting and operational improvements for you business.

Learn More

Contact Us

Richey May Headquarters
9605 S. Kingston Ct. Suite 200
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Technology Solutions

 

Richey May Technology Solutions provides the full spectrum of transformative solutions for your business.

Learn More

Business Advisory

Specializing in Mergers & Acquisitions, management reporting and operational improvements for you business.

Learn More

Technology Solutions

 

Richey May Technology Solutions provides the full spectrum of transformative solutions for your business.

Learn More

Business Advisory

Specializing in Mergers & Acquisitions, management reporting and operational improvements for you business.

Learn More

Contact Us

Richey May Headquarters
9605 S. Kingston Ct. Suite 200
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Mobile menu toggle
Back to menuBack to menu
Richey May Headquarters
9605 S. Kingston Ct. Suite 200
Englewood, CO 80112
Directions
303-721-6232
Technology

Are your passwords too complex?

Articles by: Richey May, Apr 16, 2019

Apr 2019 | BlogRM Tech

Are your passwords too complex?

Despite advancements in biometric technologies and the use of multi-factor authentication (MFA), passwords are still today’s front-line defense when it comes to cybersecurity and access control. Every day, users are required to login multiple times to access a myriad of resources, some that contain sensitive information others that do not – all while the bad guys attempt to steal, reuse, and guess passwords to gain access to anything from Netflix to online banking.

In order to address security concerns, the National Institute of Standards and Technology (NIST) performed a multi-year study and recently released new password standards (NIST SP 800-63). In a major shift away from common practices, these NIST standards recommend that organizations actually reduce requirements on complexity, size, and character types, as well as frequent password changes.

Instead of increasing security, the study found that burdensome password requirements actually increase risk through poor passwords and password reuse. When employees are mandated to have complex and long passwords that must change every three months, the study showed that they often create patterns or easy to remember passwords and reuse them on multiple accounts. This reuse increases the risk of compromise and opens the entity up to Account Take Over (ATO) attacks through the use of compromised password lists obtained from breeches like the Ashley Madison or Yahoo! leaks.

NIST did not just recommend reduced password complexity and expiration removal, but also recommended that entities should ban commonly used passwords, provide users with breeched passwords lists to reference and implement password testing.

Here is a summary of the new NIST password design requirements:

  • Minimum password size of 8 characters
  • Maximum password length 64 characters
  • Allow all printable ASCII characters (including spaces)
  • Allow all UNICODE characters (Including Emojis)
  • Screen for use of banned passwords
  • Eliminate requirements for password expiration

While these password recommendations increase security, NIST still recommends that organizations implement MFA to reduce overall risk. With bad guys out there looking to steal your data, authentication is the key in determining who you are in the cyberworld.