Facebook Instagram Linkedin Youtube X-twitter
ARK Solvers Logo

Rethinking Password Security: Tips for a Safer Future

 

Rethinking Password Security: Tips for a Safer Future

A password policy designed for federal agencies must be secure, right? Surprisingly, that hasn’t been the case, according to the National Institute of Standards and Technology (NIST). The NIST created many of the password best practices you probably loathe — the combination of letters, numbers, and special characters — but it now says those guidelines were misguided and has changed its stance on the matter. Find out why and how it involves you.

 

The problem

 

The issue isn’t necessarily that the NIST advised people to create passwords that are easy to crack, but it steered people into creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.”

 

This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms.

 

To make matters worse, NIST also recommended that people change their passwords regularly, but did not define what it means to “change” them. Since people thought their passwords were already secure with special characters, most only added one number or symbol.

 

NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for computers to guess.

 

Recently, the institution admitted that this scheme can cause more problems than solutions. It has reversed its stance on organizational password management requirements and is now recommending banishing forced periodic password changes and getting rid of complexity requirements.

 

The solution

 

Security consultant Frank Abagnale and Chief hacking officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to utilize multifactor authentication (MFA) in login policies.

 

This requires users to present two valid credentials to gain access to their data. For instance, a code texted to an employee’s smartphone can serve as an added security measure to thwart hackers.

 

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “correcthorsebatterystaple” or “iknewweretroublewhenwalkedin5623”. These are much more difficult to guess and less prone to hacking. As for the frequency of changing passphrases, it will depend on a company’s risk tolerance.

 

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to make sense of.

 

Even better, you should enforce the following security solutions within your company:

 

  • Single sign-on – allows users to securely access multiple accounts with one set of credentials
  • Account monitoring tools – recognizes suspicious activity and locks out hackers

 

When it comes to security, ignorance is the biggest threat. If you’d like to learn about what else you can do, just give us a call.

Share the Post:

Related Posts

ARK Solvers Logo w
  • 2025 ARK Solvers. All Rights Reserved
Facebook Instagram Linkedin Youtube X-twitter

Ready to Take the Next Step?
15 minutes is all it takes to get you on the road
to a more secure business.

Schedule a FREE Consultation
solution

Clients with
Managed Contracts

Submit a Ticket

Clients without
Managed Contracts

Submit a Ticket
hack

Have You Been Hacked?

Call now to recover your organization.

(786) 664-8275

Press 2 For Incident Response Team

Responding within the first 24 hours of a cyber attack is crucial.
Delaying action can turn preventable damage into permanent loss.
Contact us now to guide your organization back to safety.

Privacy Policy

Our Commitment To Privacy

Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.

The Information We Collect

This notice applies to all information collected or submitted on the website. On some pages, you can make requests, and register to receive materials. The types of personal information collected at these pages are:

  • Name
  • Address
  • Email address
  • Phone number

The Way We Use Information

We use the information you provide about yourself when placing an order only to complete that request for information. We do not share this information with outside parties except to the extent necessary to complete that process.

We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

You can register with our website if you would like to receive our newsletter as well as updates on our new products and services. Information you submit on our website will not be used for this purpose unless you fill out the applicable registration form.

We use non-identifying and aggregate information to better design our website but we would not disclose anything that could be used to identify those individuals.

Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.

Our Commitment to Data Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

Explicit Non-Sharing of Information

ARK Solvers is committed to upholding the highest standards of privacy for all personal information collected through our text messaging services. We do not sell, rent, distribute, or trade your personal data to third parties without your explicit consent unless legally required to do so. Any information shared with third parties is exclusively for the purpose of delivering our services to you. We assure you that your data will never be shared with third parties for marketing purposes.

How You Can Access Or Correct Your Information

You can inquire about all your personally identifiable information that we collect online and maintain by contacting us. We use this procedure to better safeguard your information.

You can correct factual errors in your personally identifiable information by sending us a request that credibly shows error.

To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.

Cookies

As you browse arksolvers.com, advertising cookies will be placed on your computer so that we can understand what you are interested in. Our display advertising partner, AdRoll, then enables us to present you with retargeting advertising on other sites based on your previous interaction with arksolvers.com. The techniques our partners employ do not collect personal information such as your name, email address, postal address or telephone number. You can visit this page to opt out of AdRoll and their partners’ targeted advertising.

SMS Texting Terms and Conditions

Effective Date: March 05, 2025 
By signing up for text messages, you agree to receive informational messages (appointment reminders, account notifications, etc.) from Ark Solvers at the number provided. Message frequency varies. Msg & data rates may apply. If you require assistance, reply HELP, or you can call 786-664-8275. You can opt-out at any time by replying STOP.