Understanding the Latest NIST Password Guidelines

Security Meets Usability
Over the years, security professionals have learned surprising lessons about how password policies affect user behavior. Faced with complicated password requirements and hundreds of online accounts to keep track of, people often take dangerous shortcuts—and criminals benefit.
To help organizations mitigate the risk posed by users’ bad password habits, the National Institute of Standards and Technology (NIST) designed a set of password guidelines that balance security and usability. The updated guidance abandons the long-held philosophy that passwords must be long and complex. Instead, the new guidelines recommend that passwords be “easy to remember” but “hard to guess.” According to NIST, usability and security go hand in hand.
Read this white paper to understand what NIST’s guidance means for your organization, including:
- Why NIST has abandoned popular password complexity requirements
- What’s special about the new authenticator guidelines
- How NIST approaches biometrics (hint: they’re not enough on their own)
- What organizations can do to mitigate the risk caused by users’ bad habits