The US NIST has released new password management rules. NIST (National Institute of Standards and Technology) is an influential organization under the US Department of Commerce. It now recommends that you avoid changing your password regularly or using a mix of character types. The rules that you see on many web services, such as 'Include at least one uppercase or lowercase English letter, number, and special character' and 'Change password after 90 days', are based on the guidelines released by NIST in 2007.
However, as the number of services each person uses grew, problems arose. Users took the easiest route the rules allowed, so they added easy-to-guess special characters such as ! and @. Having to change passwords for numerous services periodically, they could not remember them all and ended up writing them down in a separate memo, which actually weakened security.
NIST recommends using long passwords rather than trying to combine random numbers that are hard to remember. Its analysis is that long passwords that are easy for people to remember are more effective for security. It recommends allowing a minimum of 8 characters and a maximum of 64 characters.
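The two rule sets side by side, as an added example that is not part of the original article. The function names and sample passwords are constructed for illustration, and the code assumes the 8 and 64 figures above are the accepted length range.

```python
import string
from datetime import date, timedelta

MIN_LEN, MAX_LEN = 8, 64               # lengths quoted in the article
LEGACY_MAX_AGE = timedelta(days=90)    # 'Change password after 90 days'

def legacy_check(password, last_changed, today):
    """Older rule set: letter + number + special character, 90-day rotation."""
    problems = []
    if not any(c in string.ascii_letters for c in password):
        problems.append("needs a letter")
    if not any(c in string.digits for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    if today - last_changed > LEGACY_MAX_AGE:
        problems.append("older than 90 days")
    return problems

def length_check(password):
    """Newer rule set: length only, no character-class mix, no forced expiry."""
    problems = []
    n = len(password)  # counts Unicode code points, so spaces and non-ASCII count
    if n < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if n > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    return problems

def compare(samples, last_changed, today):
    """Return {password: (legacy problems, length problems)} for each sample."""
    return {p: (legacy_check(p, last_changed, today), length_check(p))
            for p in samples}

if __name__ == "__main__":
    # Constructed sample passwords and dates, not taken from any real system.
    samples = ["Passw0rd!", "abc1!", "purple lantern river walk"]
    result = compare(samples, date(2024, 12, 1), date(2025, 1, 1))
    for pw, (legacy, length) in result.items():
        print(f"{pw!r:32} legacy={legacy or 'ok'}  length={length or 'ok'}")
```

The predictable `Passw0rd!` satisfies the older rules, while the long, memorable phrase fails them and passes the length-based check.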
Passkeys are also part of the conversation. Big tech companies offer biometric authentication using faces or fingerprints. Instead of users having to manage complex passwords themselves, big tech companies like Apple, Google, and Samsung manage security on their behalf.