NIST Compliance | Breaking Cybersecurity News | The Hacker News

The advice didn't change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on password length, rather than complexity. Length is the more important security factor, and passphrases are the simplest way to get your users to create (and remember!) longer passwords. The math that matters When attackers steal password hashes from a breach, they brute-force by hashing millions of guesses per second until something matches. The time this takes depends on one thing: how many possible combinations exist. A traditional 8-character "complex" password (P@ssw0rd!) offers roughly 218 trillion combinations. Sounds impressive until you realize modern GPU setups can test those combinations in months, not years. Increase that to 16 characters using only lowercase letters, and you're looking at 26^16 combinations,...

When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA? We'll discuss each compliance measure and its importance in this article. What is NIST compliance? Defined by the National Institute of Standards and Technology, NIST compliance aims to harden federal systems against cyber-attacks. While the agency is non-regulatory, it  is  part of the U.S. Department of Commerce, which has plenty of influence over government agencies and their contractors. For example, NIST guidelines help agencies  satisfy the requirements of the Federal Information Security Management Act  (FISMA). NIST is instrumental in creating Federal Informatio...