Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Are your passwords too complex?

Articles by: Richey May, Apr 16, 2019


Despite advancements in biometric technologies and the use of multi-factor authentication (MFA), passwords are still today’s front-line defense when it comes to cybersecurity and access control. Every day, users are required to log in multiple times to access a myriad of resources, some that contain sensitive information and others that do not, all while the bad guys attempt to steal, reuse, and guess passwords to gain access to anything from Netflix to online banking.

To address security concerns, the National Institute of Standards and Technology (NIST) performed a multi-year study and recently released new password standards (NIST SP 800-63). In a major shift away from common practices, these NIST standards recommend that organizations actually reduce requirements for complexity, size, and character types, as well as for frequent password changes.

Instead of increasing security, the study found that burdensome password requirements actually increase risk through poor passwords and password reuse. When employees are mandated to have complex and long passwords that must change every three months, the study showed that they often create patterns or easy-to-remember passwords and reuse them on multiple accounts. This reuse increases the risk of compromise and opens the entity up to Account Takeover (ATO) attacks through the use of compromised password lists obtained from breaches like the Ashley Madison or Yahoo! leaks.

NIST did not just recommend reducing password complexity and removing expiration; it also recommended that entities ban commonly used passwords, provide users with breached password lists to reference, and implement password testing.

Here is a summary of the new NIST password design requirements:

  • Minimum password size of 8 characters
  • Maximum password length of 64 characters
  • Allow all printable ASCII characters (including spaces)
  • Allow all Unicode characters (including emojis)
  • Screen for use of banned passwords
  • Eliminate requirements for password expiration
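
The summary above expressed as a password acceptance check, as an added example that is not from the original article. The NFKC normalization step, the case-insensitive banned-list match, the rejection of control characters, and the small banned list are assumptions made for this example.

```python
import unicodedata

MIN_LEN = 8    # minimum from the summary above
MAX_LEN = 64   # maximum from the summary above

# Constructed sample list. A real deployment would load a large set of
# commonly used and breached passwords instead.
BANNED = {"password", "password1", "12345678", "qwertyuiop", "letmein123"}


def normalize(password):
    """NFKC-normalize so look-alike Unicode forms compare equal (assumption)."""
    return unicodedata.normalize("NFKC", password)


def check_password(password, banned=BANNED):
    """Return a list of rejection reasons; an empty list means accepted.

    Deliberately absent: composition rules (upper/lower/digit/symbol) and
    any password-age check, since the summary drops both.
    """
    problems = []
    pw = normalize(password)
    length = len(pw)  # a Python str is measured in Unicode code points
    if length < MIN_LEN:
        problems.append("too_short")
    if length > MAX_LEN:
        problems.append("too_long")
    # Spaces, symbols and emoji pass; control characters are not printable.
    if any(unicodedata.category(ch) == "Cc" for ch in pw):
        problems.append("non_printable")
    # Case-insensitive screen against the banned list (assumption).
    if pw.casefold() in banned:
        problems.append("banned")
    return problems


if __name__ == "__main__":
    samples = ["correct horse battery staple", "Password1",
               "\uff50\uff41\uff53\uff53\uff57\uff4f\uff52\uff44",  # fullwidth "password"
               "\U0001F434\U0001F50B\U0001F4CE staple!", "short"]
    for s in samples:
        print(repr(s), "->", check_password(s) or "accepted")
```

The fullwidth sample shows why normalization comes before the banned-list lookup: without it, a look-alike of a banned password would be accepted.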

While these password recommendations increase security, NIST still recommends that organizations implement MFA to reduce overall risk. With bad guys out there looking to steal your data, authentication is the key in determining who you are in the cyberworld.