Here’s a great article from Mashable about passwords. It says that all the symbols, numbers, and upper- and lower-case letters we combine in order to have a strong password may not be necessary, and could actually be counterproductive.
The National Institute of Standards and Technology put out a new draft of guidelines for security professionals yesterday (May 11th) that changes those recommendations. About passwords with all those different symbols and numbers, they say: “Analyses of breached password databases reveals that the benefit of such rules is not nearly as significant as initially thought, although the impact on usability and memorability is severe.” Which means those passwords aren’t that effective and are hard to remember. Instead, they recommend that people choose any password of eight characters or more, as long as it is checked against a list of known common passwords to make sure it isn’t one of them. The NIST’s new guidelines also say that the periodic password resets people are sometimes forced to do aren’t very helpful either, and are only needed if there’s been a data breach. The NIST additionally says security questions that ask things like where you went to high school or where you were born are useless, because a lot of that kind of information can easily be found by anyone through a Google search. The one thing they do still recommend: use two-factor authentication.
Makes perfect sense. We use WordPress to post these stories on the website and recently, WordPress adopted two-factor authentication. At first, I didn’t like it at all, going through the extra step of getting a verification code texted to your phone. But after reading this article, I’m all for it!
Click here to learn how to use two-factor options in popular apps.
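To see the difference between the old symbol-and-number rules and the check described above (eight characters or more, not on a list of known common passwords), here is an added example that is not from Mashable or the NIST. The tiny blocklist, the function names, and the Unicode normalization and case-insensitive matching are assumptions made for illustration.

```python
import string
import unicodedata

# Constructed sample blocklist; a real deployment would load a large list
# of known common passwords (assumption, not taken from the article).
COMMON_PASSWORDS = {"password", "password1!", "12345678", "qwerty123", "letmein1"}

MIN_LENGTH = 8  # the minimum length the article cites


def legacy_composition_ok(pw: str) -> bool:
    """Old-style rule: upper, lower, digit and symbol must all be present."""
    return (
        len(pw) >= MIN_LENGTH
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def draft_guideline_ok(pw: str, blocklist=COMMON_PASSWORDS) -> tuple[bool, str]:
    """Length plus blocklist check, with no composition requirements."""
    # Normalize so visually identical Unicode input compares equal
    # (a choice made for this example).
    normalized = unicodedata.normalize("NFKC", pw)
    if len(normalized) < MIN_LENGTH:
        return False, "too short"
    # Case-insensitive match so "PASSWORD" does not slip past "password".
    if normalized.casefold() in blocklist:
        return False, "known common password"
    return True, "ok"


def compare(pw: str) -> dict:
    """Evaluate one candidate under both policies."""
    ok, reason = draft_guideline_ok(pw)
    return {"legacy": legacy_composition_ok(pw), "draft": ok, "reason": reason}


if __name__ == "__main__":
    # Constructed candidates: one satisfies the old rules yet is common,
    # one is a long plain phrase that the old rules would reject.
    for candidate in ["Password1!", "correct horse battery", "12345678", "short"]:
        print(repr(candidate), compare(candidate))
```

"Password1!" satisfies every old composition rule and is still rejected as a common password, while the long lowercase phrase fails the old rules and is accepted.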