{"id":118274,"date":"2024-11-01T21:35:59","date_gmt":"2024-11-02T01:35:59","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=118274"},"modified":"2024-12-05T21:38:35","modified_gmt":"2024-12-06T02:38:35","slug":"why-did-nist-drop-password-complexity-requirements","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements","title":{"rendered":"Why Did NIST Drop Password Complexity Requirements?"},"content":{"rendered":"\n

The National Institute of Standards and Technology (NIST) has updated its password security guidelines<\/a>. They now recommend longer passwords instead of complex character combinations<\/a>. This change is significant for IT security professionals and is reshaping how we approach password security today. <\/p>\n\n\n\n

Let’s take a look at why the change was implemented and what it means for IT teams going forward.<\/p>\n\n\n\n

A Move Toward Simplicity and Security<\/strong><\/h2>\n\n\n\n

NIST’s recent update does away with the old mandate for using a combination of uppercase and lowercase letters, numbers, and special characters. Instead, it recommends longer passwords. <\/p>\n\n\n\n

Why? <\/p>\n\n\n\n

Because complexity often leads to predictability. People create passwords they can remember by using predictable patterns, which ironically makes them easier to crack.<\/p>\n\n\n\n

Consider this: most users don\u2019t understand just how easy it is for hackers to breach accounts through weak passwords. In fact, weak passwords account for over 80% of organizational data breaches<\/a>. By advocating for longer passwords, NIST is pushing for a standard that is both more secure and easier for users to remember.<\/p>\n\n\n\n

Real-World Examples and Implications<\/strong><\/h2>\n\n\n\n

The implications of NIST’s changes are profound. <\/p>\n\n\n\n

Organizations like Ticketmaster and Dell have suffered significant breaches<\/a> due to inadequate password security. The average cost of a data breach is over $4 million, but for major breaches, the financial and reputation damage can be astronomical. By adopting NIST’s updated recommendations, companies can prevent such costly incidents.<\/p>\n\n\n\n

Let’s look at Dell’s example. A brute force attack exposed their vulnerabilities, leading to customer data being compromised. Had they implemented stronger, longer passwords as recommended by NIST, the outcome might have been different. This highlights the critical need for companies to reassess their password policies.<\/p>\n\n\n\n

Addressing Industry Challenges<\/strong><\/h2>\n\n\n\n

IT security professionals face the challenge of balancing security with usability. Long, complex passwords are hard to remember, leading users to take shortcuts like reusing passwords across multiple sites. This is a big problem when 60% of individuals admit to reusing passwords.<\/p>\n\n\n\n

NIST’s new guidelines address this by recommending password lengths of at least 15 characters and allowing passphrases up to 64 characters. Passphrases are easier to remember and provide robust security, reducing the likelihood of breaches caused by reused or weak passwords.<\/p>\n\n\n\n

The Role of Multi-Factor Authentication<\/strong><\/h2>\n\n\n\n

Beyond passwords, NIST stresses the importance of multi-factor authentication (MFA)<\/a> to add an extra layer of security. MFA is increasingly adopted, with roughly 50% of individual users now utilizing it. For businesses, it’s even more critical, with 83% of enterprise organizations implementing MFA<\/a> to protect against unauthorized access.<\/p>\n\n\n\n

For IT security professionals, the message is clear<\/a>. Encourage users to adopt MFA alongside strong passphrases to minimize risks. It’s a two-fold approach that significantly enhances security and protects sensitive data.<\/p>\n\n\n\n

<\/p><\/div>

Note:<\/strong> \n

Learn more about recent MFA statistics and trends<\/a><\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

Taking Action for Better Security<\/strong><\/h2>\n\n\n\n

Understanding the need for stronger, yet user-friendly password practices, JumpCloud offers a holistic solution. The JumpCloud Password Manager<\/a> empowers teams to securely manage passwords and other sensitive information, all while providing seamless authentication.<\/p>\n\n\n\n

JumpCloud reduces password reset frequency, offers auto-fill for passwords and MFA, and facilitates secure password sharing. This streamlines workflow, giving users and IT teams time back for strategic work. Plus, with features like local and cloud storage with end-to-end encryption, you have the control and visibility you need.It’s time to reassess and strengthen your organization\u2019s password policies. <\/p>\n\n\n\n

Educate your team on the significance of easy-to-remember yet strong passwords. Implement tools like JumpCloud to facilitate secure password management. Explore our platform and see how JumpCloud can enhance your password management strategy. We offer free guided simulations<\/a> and have a dedicated team<\/a> ready to answer any questions you may have.<\/p>\n","protected":false},"excerpt":{"rendered":"

NIST has dropped its password complexity requirements. What does this mean for IT teams, and how can you better manage your org\u2019s passwords?<\/p>\n","protected":false},"author":120,"featured_media":78708,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[42],"tags":[],"collection":[2775],"platform":[],"funnel_stage":[3015],"coauthors":[2537],"acf":[],"yoast_head":"\nWhy Did NIST Drop Password Complexity Requirements? - JumpCloud<\/title>\n<meta name=\"description\" content=\"NIST has dropped its password complexity requirements. What does this mean for IT teams, and how can you better manage your org\u2019s passwords?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why Did NIST Drop Password Complexity Requirements?\" \/>\n<meta property=\"og:description\" content=\"NIST has dropped its password complexity requirements. What does this mean for IT teams, and how can you better manage your org\u2019s passwords?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-02T01:35:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-06T02:38:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"342\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sean Blanton\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sean Blanton\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements\"},\"author\":{\"name\":\"Sean Blanton\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/0c2a749d55fd9ade81d9f810c8d5aaa3\"},\"headline\":\"Why Did NIST Drop Password Complexity Requirements?\",\"datePublished\":\"2024-11-02T01:35:59+00:00\",\"dateModified\":\"2024-12-06T02:38:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements\"},\"wordCount\":613,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg\",\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements\",\"url\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements\",\"name\":\"Why Did NIST Drop Password Complexity Requirements? - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg\",\"datePublished\":\"2024-11-02T01:35:59+00:00\",\"dateModified\":\"2024-12-06T02:38:35+00:00\",\"description\":\"NIST has dropped its password complexity requirements. What does this mean for IT teams, and how can you better manage your org\u2019s passwords?\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg\",\"width\":512,\"height\":342,\"caption\":\"Businessman logging on to a password protected website. There are login and password fields and a sign in button. There is also a shield and lock graphic\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why Did NIST Drop Password Complexity Requirements?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/0c2a749d55fd9ade81d9f810c8d5aaa3\",\"name\":\"Sean Blanton\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/0f493278829cf832b6cf8a58926a4585\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/596d142d20c23a1783684d7960968d4e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/596d142d20c23a1783684d7960968d4e?s=96&d=mm&r=g\",\"caption\":\"Sean Blanton\"},\"description\":\"Sean Blanton is the Director of Content at JumpCloud and has spent the past decade in the wide world of security, networking and IT and Infosec administration. When not at work Sean enjoys spending time with his young kids and geeking out on table top games.\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Why Did NIST Drop Password Complexity Requirements? - JumpCloud","description":"NIST has dropped its password complexity requirements. What does this mean for IT teams, and how can you better manage your org\u2019s passwords?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements","og_locale":"en_US","og_type":"article","og_title":"Why Did NIST Drop Password Complexity Requirements?","og_description":"NIST has dropped its password complexity requirements. What does this mean for IT teams, and how can you better manage your org\u2019s passwords?","og_url":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements","og_site_name":"JumpCloud","article_published_time":"2024-11-02T01:35:59+00:00","article_modified_time":"2024-12-06T02:38:35+00:00","og_image":[{"width":512,"height":342,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg","type":"image\/jpeg"}],"author":"Sean Blanton","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sean Blanton","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements"},"author":{"name":"Sean Blanton","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/0c2a749d55fd9ade81d9f810c8d5aaa3"},"headline":"Why Did NIST Drop Password Complexity Requirements?","datePublished":"2024-11-02T01:35:59+00:00","dateModified":"2024-12-06T02:38:35+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements"},"wordCount":613,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg","articleSection":["News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements","url":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements","name":"Why Did NIST Drop Password Complexity Requirements? - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg","datePublished":"2024-11-02T01:35:59+00:00","dateModified":"2024-12-06T02:38:35+00:00","description":"NIST has dropped its password complexity requirements. What does this mean for IT teams, and how can you better manage your org\u2019s passwords?","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/computer-1.jpeg","width":512,"height":342,"caption":"Businessman logging on to a password protected website. There are login and password fields and a sign in button. There is also a shield and lock graphic"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/why-did-nist-drop-password-complexity-requirements#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Why Did NIST Drop Password Complexity Requirements?"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/0c2a749d55fd9ade81d9f810c8d5aaa3","name":"Sean Blanton","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/0f493278829cf832b6cf8a58926a4585","url":"https:\/\/secure.gravatar.com\/avatar\/596d142d20c23a1783684d7960968d4e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/596d142d20c23a1783684d7960968d4e?s=96&d=mm&r=g","caption":"Sean Blanton"},"description":"Sean Blanton is the Director of Content at JumpCloud and has spent the past decade in the wide world of security, networking and IT and Infosec administration. When not at work Sean enjoys spending time with his young kids and geeking out on table top games."}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/118274"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/120"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=118274"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/118274\/revisions"}],"predecessor-version":[{"id":118276,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/118274\/revisions\/118276"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/78708"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=118274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=118274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=118274"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=118274"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=118274"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=118274"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=118274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}