Has an IT person ever told you something crazy, like:
Your password needs a capital letter and a number and a special character, except you can’t use parentheses and it has to be longer than 6 characters but shorter than 8 and you can’t write them down and you can’t keep them anywhere and we’re going to make you change them every 60 days.
Oh, and you need 30 of these monsters. And if you forget one, we’re locking down your account till you come to the basement and give a blood sample.
Security researcher Troy Hunt has a great article about modern best practices in cyber security. You can read the entire article, Passwords Evolved: Authentication Guidance for the Modern Era.
Some of his recommendations for system designers:
- Don’t limit the size of the password
- Rules about special characters don’t help
- Stop offering of hints and security questions
- Embrace password managers
- Don’t require users to change passwords periodically
- Notify users of unusual behavior
- Block breached passwords
At Matterform, we specialize in creating highly-secure custom solutions, including HIPAA-secure software for healthcare. And we follow modern cybersecurity best practices supported by research, not crazy old wives’ tales.