
October 05, 2024

The 10 Commandments of NIST Password Security (2024 Update)

The National Institute of Standards and Technology (NIST) has published new password guidance in its 2024 draft revision of SP 800-63B, and it reads almost like holy writ!
Here are the "10 Commandments" of password authentication according to NIST:

1. Thou Shalt Choose a Password or Assign One Randomly 🔑

  • Passwords may be chosen by the user, or generated randomly by the system that issues the credential (the CSP, or credential service provider).

2. Thou Shalt Not Choose From a Blocked List 🚫

  • Every new password is compared against a blocklist of commonly used, expected or previously breached passwords. If it is on the list, the user must choose another one.

3. Thou Shalt Not Impose Additional Complexity Requirements ❌

  • Verifiers must not impose composition rules such as mandatory digits, special characters or mixed case; such rules push users toward predictable patterns ("Password1!") rather than stronger passwords.
    Simple and effective!

4. Thou Shalt Ask Passwords Of At Least 8 Characters 🔢

  • A minimum of 8 characters is mandatory, but verifiers should require at least 15. Verifiers should also accept passwords of at least 64 characters, so long passphrases are not cut off.

5. Thou Shalt Allow All ASCII & Unicode Characters 🖥️

  • All printable ASCII characters (including spaces) and Unicode characters should be accepted. Each Unicode code point counts as one character toward the length, and the verifier should apply Unicode normalization (NFKC or NFKD) so that the same password always hashes to the same value.

6. Thou Shalt Not Request Regular Password Changes 🔄

  • Verifiers must not require periodic password changes. A change is forced only when there is evidence that the password has been compromised.

7. Thou Shalt Not Use Password Hints or Security Questions ❓

  • No password hints that an unauthenticated person can see, and no knowledge-based authentication questions ("What was the name of your first pet?"), because the answers are guessable or findable online.

8. Thou Shalt Check a Block List For Password Changes 📜

  • The blocklist check applies not only when a password is first set but also every time it is changed, so a user cannot rotate onto a commonly used or breached password.

9. Thou Shalt Encourage the Use of Password Managers 💼

  • Password managers are encouraged, and verifiers should allow "paste" in the password field so that managers can fill it in easily.

10. Thou Shalt Use Strong Encryption And Secure Channels 🛡️

  • Passwords must only be requested over an authenticated protected channel (TLS), and they must never be stored in plaintext or in reversibly encrypted form: the verifier stores a salted hash computed with a deliberately slow password hashing function (such as PBKDF2, scrypt or Argon2) so that a stolen database is resistant to offline attacks.
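
The length, blocklist and Unicode checks of commandments 2 to 5 and 8, together with the salted hashing of commandment 10, as an added Python example; this is not code from the article or from NIST. The blocklist entries, the case-insensitive blocklist comparison, the 128-bit salt and the 600,000-iteration PBKDF2-HMAC-SHA-256 count are assumptions made for the demonstration.

```python
# NIST SP 800-63B-style password checks and storage, written as an added
# example for this article (not the article's or NIST's own code). The
# blocklist below and the casefold comparison are assumptions for the demo.
import hashlib
import hmac
import secrets
import unicodedata

MIN_LENGTH = 8          # SHALL: at least 8 characters
RECOMMENDED_MIN = 15    # SHOULD: at least 15 characters
MAX_LENGTH = 64         # SHOULD: permit at least 64 characters

# Constructed blocklist for the example. A real verifier would load a large
# list of breached and commonly used passwords instead.
BLOCKLIST = {"password", "123456789", "qwertyuiop", "letmein!", "correct horse"}

# Iteration count for PBKDF2-HMAC-SHA-256. NIST asks for as many as the
# verifier can afford; 600,000 is the figure OWASP currently recommends.
PBKDF2_ITERATIONS = 600_000


def normalize(password: str) -> str:
    """Apply Unicode NFKC so equivalent input always yields the same bytes."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str, min_length: int = MIN_LENGTH) -> list[str]:
    """Return policy violations; an empty list means the password is accepted.

    There are no composition rules: spaces, symbols and non-ASCII letters are
    all fine. Length is counted in Unicode code points, not UTF-8 bytes.
    """
    problems = []
    pw = normalize(password)
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    # Blocklist comparison; case-insensitive matching is a design choice here.
    if pw.casefold() in {entry.casefold() for entry in BLOCKLIST}:
        problems.append("appears on the blocklist")
    return problems


def hash_password(password: str) -> str:
    """Salt and hash with PBKDF2-HMAC-SHA-256; never store the password itself."""
    salt = secrets.token_bytes(16)   # NIST requires at least 32 bits; 128 used
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(password).encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256",
            normalize(password).encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:      # malformed record: wrong field count or bad hex
        return False


if __name__ == "__main__":
    for candidate in ["Password", "Tr0ub4dor&3", "correct horse battery staple"]:
        print(repr(candidate), check_password(candidate) or "accepted")
    record = hash_password("cafe\u0301 au lait 1923")        # decomposed e + accent
    print(verify_password("caf\u00e9 au lait 1923", record))  # precomposed é: True
```

Note what the normalization buys you: "café" typed on a keyboard that emits a precomposed é and "café" typed as e plus a combining accent are different code-point sequences, but after NFKC both hash to the same value, so the user is not locked out by their input method. The stored record carries the algorithm name, iteration count and salt, so the count can be raised later and old records re-hashed at next login.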

๐Ÿ’ก Why are these new rules important?

  • These guidelines reduce the burden on users by removing unnecessary complexity while improving security by making brute-force attacks more difficult.

๐Ÿ” Conclusion: NIST makes it clear: simpler passwords donโ€™t have to be insecure!
Use password managers and long passwords, and youโ€™ll be ready for the future of online security.
For more info, check out Password Verifiers Authenticators (nist.gov)
