
7 New NIST Password Guidelines You Need to Know

You can overcome the challenges of HIPAA compliance. Begin by understanding and implementing NIST password guidelines. 

As technology improves, so do the methods that hackers come up with to compromise your network. You can expose your organization to severe liabilities if you don’t stay prepared for a potential OCR HIPAA compliance audit. 

As a result, many healthcare organizations work toward remaining in compliance. Still, many providers struggle to maintain information security. Maintaining HIPAA compliance is about more than avoiding fines; it is also an ethical obligation.

Password security is an integral part of maintaining the security of your network. The National Institute of Standards and Technology (NIST) monitors global cybersecurity best practices. The NIST guidelines offer highly effective cybersecurity recommendations. 

NIST Guidelines Can Help You Remain in Compliance 

The NIST maintains a comprehensive framework for network cybersecurity. The institute is a subdivision of the U.S. Department of Commerce. 

The NIST Cybersecurity Framework (CSF) is a trusted source for information security. It includes evidence-based guidelines about a range of network security practices. 

Lawmakers established the NIST to help federal agencies maintain regulatory compliance. Now, governmental agencies and private enterprises turn to the NIST. The institute’s recommendations ensure that organizations are following best practices for cybersecurity. IT professionals trust the institute as a leading source of cybersecurity information. 

The following are seven NIST password guidelines that can help your organization remain in compliance. 

1. Use Longer Passwords 

NIST password recommendations suggest that users should create manual logins that are eight characters or longer. If you use a password generator, the institute recommends a six-character minimum. 

However, passwords should not exceed 64 characters in length. They can include any American Standard Code for Information Interchange (ASCII) character, including spaces.

2. Eliminate Password Resets 

It’s a standard practice to require employees to change their password regularly. However, NIST password standards warn that this practice can do more harm than good. 

With each password reset, users struggle to create a new one. NIST guidelines advise that one strong credential is better than a series of average passwords.

3. Keep It Simple 

When creating an online account, many systems guide users in conforming to network policy. For example, the system normally will not let a user create a new account unless the password contains a mix of character types: a lowercase letter, an uppercase letter, a number, and a symbol.

This practice has served as a cybersecurity standard for years. However, when users forget their logins, they often replace them with weak passwords.
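To put sections 1 and 3 side by side in code, here is an added example (not from the article or from NIST) that evaluates a candidate password under a legacy composition rule and under the length-based rule the article describes; the 8/6/64-character limits are the article's, while the four-character-class legacy rule is assumed as a stand-in for a typical older policy.

```python
import string

# Added example, not from the article or NIST. Length limits (8 chosen,
# 6 generated, 64 maximum) are the ones the article states; the legacy
# four-character-class rule is an assumption standing in for a typical
# older policy.

# Every printable ASCII character, space included; control characters are out.
PRINTABLE_ASCII = set(string.printable) - set("\t\n\r\x0b\x0c")


def legacy_policy_ok(pw: str) -> bool:
    """Composition rule: 8+ characters with lower, upper, digit and symbol."""
    return (
        len(pw) >= 8
        and any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def nist_policy_ok(pw: str, generated: bool = False) -> bool:
    """Length-only rule as the article describes it: 8+ characters when the
    user chooses the password, 6+ when a generator produces it, 64 at most,
    any printable ASCII character including spaces, no required mix."""
    minimum = 6 if generated else 8
    return minimum <= len(pw) <= 64 and all(c in PRINTABLE_ASCII for c in pw)


def compare(pw: str) -> dict:
    """Evaluate one candidate under both policies side by side."""
    return {"legacy": legacy_policy_ok(pw), "nist": nist_policy_ok(pw)}


if __name__ == "__main__":
    # Constructed samples: a long passphrase with spaces fails the legacy mix
    # rule but passes the length rule; a short substitution-style password
    # satisfies the legacy mix rule despite being easy to predict.
    for candidate in ["correct horse battery staple", "P@ssw0rd"]:
        print(repr(candidate), compare(candidate))
```

Running it shows the point of section 3: the composition rule rejects the long passphrase a user could actually remember, while accepting the short, predictable substitution pattern.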

4. Deploy a User-Friendly UX 

Most websites do not allow users to see their passwords when they log in. The NIST recommends changing this policy and allowing users to see their passwords as they type.

Users who cannot see their passwords as they type are more likely to use short passwords that they can remember. However, short passwords are less secure. 

The institute also recommends that IT admins give users the ability to copy and paste passwords. With this ability, account holders can use a password manager to save and use stronger passwords.

5. Do Away With Password Clues 

Many secure accounts enable – or even require – users to create password hints for when they forget their login. This feature spares users from having to create a new password if they forget it.

However, it also exposes your network to threats. NIST password requirements advise against this practice. 

Today, hackers can find information about nearly everyone online. These various bits of data around the internet can provide clues that enable hackers to guess passwords. If hackers breach your network, your organization could face penalties and fines.

6. Limit Password Attempts 

Sometimes, employees need a few attempts to log into their accounts. However, you must limit the number of attempts that users can make before the system locks them out of their accounts. 

The NIST recommends that you give users only ten attempts to log into their accounts. By doing so, you will protect your network from brute force password breaking.
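The lockout rule in section 6, as an added example that is not code from the article or NIST: a per-account counter that refuses further attempts after ten consecutive failures. The ten-attempt limit is the article's; the 15-minute lockout duration and the injectable clock are assumptions.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict

# Added example, not from the article or NIST. The ten-attempt limit is the
# figure the article gives; the 15-minute lockout duration is an assumption
# because the article does not specify one.
MAX_FAILED_ATTEMPTS = 10
LOCKOUT_SECONDS = 15 * 60


@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since the last success
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginThrottle:
    """Per-account failed-attempt counter. `clock` is injectable so the
    lockout expiry can be exercised without waiting in real time."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._accounts: Dict[str, AccountState] = {}

    def is_locked(self, user: str) -> bool:
        st = self._accounts.get(user)
        return st is not None and self._clock() < st.locked_until

    def attempt(self, user: str, verify: Callable[[], bool]) -> str:
        """Process one login. `verify` runs the real credential check and is
        skipped entirely while the account is locked, so a locked account
        cannot be probed. Returns 'locked', 'ok' or 'denied'."""
        st = self._accounts.setdefault(user, AccountState())
        if self._clock() < st.locked_until:
            return "locked"
        if verify():
            st.failures = 0          # a success clears the counter
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILED_ATTEMPTS:
            st.locked_until = self._clock() + LOCKOUT_SECONDS
            st.failures = 0          # counter restarts after the lock expires
        return "denied"
```

Note that the credential check is skipped while the account is locked, so the lock also closes the timing side channel of a verifier that still hashes the submitted password.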

7. Ban SMS-Assisted Two-Factor Authentication

Multi-factor authentication is highly effective at preventing hackers from compromising network passwords. It serves as an extra layer of security. However, using short message service (SMS) – or text – as part of the process exposes your network to vulnerability. 

SMS gives hackers the opportunity to insert malware into your network. This code can redirect text messages and support attacks against your mobile phone network. 

How Did You Do? 

More than likely, you see a policy on this list that your organization currently enforces. It’s vital that you heed the advice of NIST standards and revise your policies immediately. NIST password guidelines will help you protect patient information. They will also help your organization remain in HIPAA compliance.

Furthermore, it’s essential that you retrain employees as new cybersecurity best practices emerge. Stay informed about the latest network security measures so that you avoid exposing your organization to liability.

Stay Current in Cybersecurity Best-Practices 

HIPAA guidelines change continually. Accordingly, you must pay attention to changes in HIPAA regulations. NIST password guidelines can help you stay ahead of many of those changes. HIPAA violations can damage your reputation and result in steep penalties.

Approximately every 40 seconds, hackers attempt to compromise a network. Follow NIST password guidelines to keep your network safe. 

The NIST guidelines will help you stay ahead of emerging threats. By staying on top of the latest NIST cybersecurity best-practices, you can avoid the common pitfalls faced by many organizations. 

Check out the rest of the site to learn more about network security and how to protect your organization.
