IT Brief Australia - Technology news for CIOs & IT decision-makers
Australia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
MFA
#
Cybersecurity
#
Online security

Longer passwords advised over complexity, says Tesserent

Yesterday
Author image
By Kaleah Salmon, Journalist

Tesserent, a major Australian cybersecurity company, has highlighted a shift in password security advice from the National Institute of Standards and Technology (NIST).

For many years, businesses, the public sector, and consumers were advised to change passwords regularly and to utilise complex combinations of letters and numbers. However, NIST now suggests that longer passwords or passphrases are more beneficial than shorter, complex passwords.

Mark Jones, Senior Partner at Tesserent, stated, "NIST recommends increasing password length rather than complexity. The onus on implementation of this means that IT teams across Australia need to update systems in alignment with the new directive and a new education awareness campaign is required to inform consumers and support them through the changes."

Jones indicated the importance of this change due to its significant impact on the messaging traditionally promoted by the industry and the Federal Government. "This is a significant shift in the messaging the industry and the Federal Government has strongly pushed to consumers about passwords. Without explaining the reasons to consumers there is going to be confusion. It requires all of us to now pivot our messaging on this key issue in the fight to keep Australia cyber secure," he stressed.

The advice stems from the availability of enhanced tools for password management. With over 24 billion stolen credentials estimated to be circulating online, technologies like passkeys have become crucial. They offer stronger security by cryptographically protecting user credentials during logins.

Despite the updated approach, Jones cautions against the prevalent use of the same password across multiple platforms. "However, with passwords still in widespread use, it is important that people do not use the same password across multiple services and sites," he emphasised.

Password manager software can play a key role by assisting in creating and managing unique passwords, ensuring that a stolen password does not compromise other online identities. "And, wherever possible, enable multi-factor authentication (MFA) so a stolen or compromised password does not mean a cyber-criminal can gain all the keys to your online jewels," Jones advised.

The updated guidance from NIST signifies a crucial shift in password security, focusing on longer passphrases instead of complex combinations. Effective education on best practices, including password managers and multi-factor authentication, will be essential as organisations and individuals adapt to these recommendations. By embracing these strategies, users can enhance their online security and better protect their identities against credential theft, highlighting the importance of staying informed in the evolving cybersecurity landscape.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Juniper Networks unveils Secure AI-Native Edge solution
Cook Government funds six startups in AUD $7.2m programme
AUSCERT launches new service for cyber incident readiness
Deep observability - what is it, and why do we need it?
Elastic integrates Google AI tech to boost security tools
Top stories
Black Forest Lab upgrades FLUX.1 with NVIDIA TensorRT
ApertureData raises USD $8.25m for multimodal AI database
Deepfake scams cost Australian businesses millions, research reveals
Growth mindset crucial for organisational success – report
Zendesk unveils AI-powered tools to enhance customer service