IT departments should implement and maintain effective password policies that include robust user identification and password practices. Millions of users worldwide continue to use "123456" and other easily guessed passwords (a list of 100,000 passwords to avoid is available). In a 2019 Ponemon study, 69% of respondents shared passwords with work colleagues, and 51% reused an average of five passwords across their business or personal accounts—contrary to best practices.
Imperfect as they are as a means of authentication, “memorized secrets” like passwords, passphrases and PINs are common, and indeed are the primary means of authentication for most computer systems. In June, the National Institute of Standards and Technology issued a new publication on digital identity management that, in part, recommends changes to password policy that has become standard in many organizations—policy requiring passwords with special characters.