SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Longer passwords advised over complexity, says Tesserent

Thu, 10th Oct 2024

Tesserent, a major Australian cybersecurity company, has highlighted a shift in password security advice from the National Institute of Standards and Technology (NIST).

For many years, businesses, the public sector, and consumers were advised to change passwords regularly and to utilise complex combinations of letters and numbers. However, NIST now suggests that longer passwords or passphrases are more beneficial than shorter, complex passwords.
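To make the length-over-complexity point concrete, here is an added example (not code from the article, Tesserent or NIST) of a password acceptance check written the way the newer guidance points: it enforces a minimum and maximum length, rejects known-compromised values, and imposes no composition rules. The specific thresholds (15 and 64 characters) and the small blocklist are assumptions chosen for illustration. It also includes a keyspace calculation showing why a long lowercase passphrase out-sizes a short "complex" password.

```python
"""Length-first password policy check (added example, not from the article).

Illustrates the direction the article describes: length over composition
rules, plus a check against known-compromised passwords. The numeric
thresholds and the blocklist below are assumptions for illustration only.
"""
import math
import unicodedata

MIN_LENGTH = 15   # assumed illustrative minimum for password-only accounts
MAX_LENGTH = 64   # assumed upper bound, generous enough for passphrases

# Constructed sample blocklist standing in for a real breached-password feed.
BREACHED = {"password123", "correct horse battery staple", "qwerty123456"}


def normalise(password: str) -> str:
    """NFKC-normalise so visually identical Unicode input compares equal."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str, min_length: int = MIN_LENGTH,
                   max_length: int = MAX_LENGTH) -> list[str]:
    """Return a list of policy failures; an empty list means accepted.

    Deliberately no 'must contain a digit/symbol' rules: length and a
    breached-password check do the work instead.
    """
    pw = normalise(password)
    problems = []
    n = len(pw)  # counts code points, so a non-ASCII character counts as one
    if n < min_length:
        problems.append(f"too short: {n} < {min_length}")
    if n > max_length:
        problems.append(f"too long: {n} > {max_length}")
    if pw.lower() in BREACHED:
        problems.append("appears in breached-password list")
    if n and len(set(pw)) == 1:
        problems.append("single repeated character")
    return problems


def bits_of_keyspace(alphabet_size: int, length: int) -> float:
    """Upper bound on guessing work, in bits, for a uniformly random string
    of `length` symbols drawn from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ["Tr0ub4dor&3", "correct horse battery staple",
                      "the kettle whistles at dawn"]:
        print(repr(candidate), check_password(candidate) or "accepted")
    # 8 printable-ASCII characters vs 20 lowercase letters
    print("8 complex chars:", round(bits_of_keyspace(95, 8), 1), "bits")
    print("20 lowercase chars:", round(bits_of_keyspace(26, 20), 1), "bits")
```

The keyspace figures are a ceiling, not a measure of real-world strength (people do not pick uniformly at random), which is exactly why the breached-password check is kept alongside the length rule.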

Mark Jones, Senior Partner at Tesserent, stated, "NIST recommends increasing password length rather than complexity. The onus on implementation of this means that IT teams across Australia need to update systems in alignment with the new directive and a new education awareness campaign is required to inform consumers and support them through the changes."

Jones said the change matters because it reverses messaging that the industry and the Federal Government have long promoted. "This is a significant shift in the messaging the industry and the Federal Government has strongly pushed to consumers about passwords. Without explaining the reasons to consumers there is going to be confusion. It requires all of us to now pivot our messaging on this key issue in the fight to keep Australia cyber secure," he stressed.

The advice stems from the availability of enhanced tools for password management. With over 24 billion stolen credentials estimated to be circulating online, technologies like passkeys have become crucial. They offer stronger security by cryptographically protecting user credentials during logins.

Despite the updated approach, Jones cautions against the prevalent use of the same password across multiple platforms. "However, with passwords still in widespread use, it is important that people do not use the same password across multiple services and sites," he emphasised.

Password manager software can play a key role by assisting in creating and managing unique passwords, ensuring that a stolen password does not compromise other online identities. "And, wherever possible, enable multi-factor authentication (MFA) so a stolen or compromised password does not mean a cyber-criminal can gain all the keys to your online jewels," Jones advised.

The updated guidance from NIST signifies a crucial shift in password security, focusing on longer passphrases instead of complex combinations. Effective education on best practices, including password managers and multi-factor authentication, will be essential as organisations and individuals adapt to these recommendations. By embracing these strategies, users can enhance their online security and better protect their identities against credential theft, highlighting the importance of staying informed in the evolving cybersecurity landscape.
