Protecting personal data is a top priority, and organizations emphasize this to employees to prevent hackers from accessing sensitive company information.
The belief is that complex passwords are less vulnerable to cyber attacks.
However, remembering these intricate passwords, often filled with various numbers, letters, and symbols, can become overwhelming, leading many to write them down for fear of forgetting.
The US National Institute of Standards and Technology (NIST), known for developing tech security guidelines, no longer endorses complicated passwords.
According to Forbes, NIST has issued new security guidelines for government systems, revising the traditional password recommendations we have long adhered to.
If you have ever used Google Chrome’s password generator, you may have seen it create an unmemorable password composed of mixed characters, numbers, and symbols, which you’d likely need to save in a password manager.
NIST warns that complex passwords might actually decrease security, as someone could discover your written list of passwords or access them directly via your device.
NIST suggests that longer passwords are a safer alternative to complex ones.
The guidance points out that while many online services mandate complex passwords, ‘analyses of breached password databases reveal that the benefit of such rules is less significant than initially thought’.
This implies you are better off using a long, memorable string of words as a password rather than a random combination of characters, while making sure each password is unique.
Using a short sentence or a series of words reduces the likelihood of recording passwords on your phone or reusing them, which could compromise all your accounts if one is breached.
Furthermore, a 64-character password made up of actual words with occasional capital letters and symbols is virtually impossible to crack.
The common organizational policy of requiring password changes every 60 to 90 days also contributes to risky password behaviors, and it is a practice NIST no longer recommends.
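The length-over-complexity argument above can be made concrete with the following added example, which is not from NIST or the article: it compares the guess space of a short random "complex" password with that of a randomly generated passphrase, and shows an acceptance check that looks at length and known-breached values instead of character classes. The word list, the 15-character minimum, the 94-symbol alphabet and all function names are assumptions made for this illustration.

```python
import math
import secrets

# Constructed sample list; assumption: a real generator draws from a large
# published list (7,776 words is the classic dice-based size).
SAMPLE_WORDS = ["anchor", "breeze", "cactus", "dynamo", "ember", "fjord",
                "glacier", "harbor", "ivory", "juniper", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]

def random_string_bits(length, alphabet_size=94):
    """Guess space (bits) of a uniformly random string; 94 = printable ASCII."""
    return length * math.log2(alphabet_size)

def passphrase_bits(num_words, wordlist_size):
    """Guess space (bits) of words drawn uniformly at random from a list."""
    return num_words * math.log2(wordlist_size)

def words_needed(target_bits, wordlist_size):
    """Fewest random words whose guess space reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(num_words, wordlist=SAMPLE_WORDS, sep="-"):
    """Pick words with a CSPRNG; human-chosen phrases are far more guessable."""
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))

def check_password(candidate, known_breached=frozenset(), min_length=15):
    """Length-first acceptance check: no composition rules, no expiry.
    min_length=15 is this example's assumption, not a value from the article."""
    problems = []
    if len(candidate) < min_length:
        problems.append("too short")
    if candidate.lower() in known_breached:
        problems.append("appears in breached-password list")
    return problems

if __name__ == "__main__":
    print(f"8 random printable chars: {random_string_bits(8):.1f} bits")
    print(f"5 random words of 7776:   {passphrase_bits(5, 7776):.1f} bits")
    print("sample:", generate_passphrase(5))
    print(check_password("P@ssw0rd!"), check_password("anchor-fjord-kettle-meadow"))
```

The bit counts hold only when the words are chosen at random; a quotation or a phrase a person invents has a much smaller guess space than its length suggests.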