Published : Apr 13, 2021
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar. Understand more
Hold Proceed with caution
Password policies are a standard default for many organizations today. However, we're still seeing organizations requiring passwords to include a variety of symbols, numbers, uppercase and lowercase letters as well as inclusion of special characters. These are naive password complexity requirements that lead to a false sense of security as users will opt for more insecure passwords because the alternative is difficult to remember and type. According to NIST recommendations, the primary factor in password strength is password length, and therefore users should choose long passphrases with a maximum requirement of 64 characters (including spaces). These passphrases are more secure and memorable.