As stated in the NIST 800 series (NIST SP 800-118, Guide to Enterprise Password Management): Passwords are used in many ways to protect data, systems, and networks. For example, passwords are used to authenticate users of operating systems and applications such as email, labor recording, and remote access. Passwords are also used to protect files and other stored information, such as password-protecting a single compressed file, a cryptographic key, or an encrypted hard drive. In addition, passwords are often used in less visible ways; for example, a biometric device may generate a password based on a fingerprint scan, and that password is then used for authentication.
The purpose of the NIST guidance is to assist organizations in understanding common threats against their character-based passwords and how to mitigate those threats within the enterprise. LogmeOnce adheres to NIST guidelines. The information security policies addressed include defining password policy requirements and selecting centralized and local password management solutions.
It is important to note that there are different forms of passwords. One is the personal identification number (PIN). A PIN is relatively short (usually 4 to 6 digits) and consists only of digits; examples are “7352” and “832290”. A 4-digit PIN has only 10,000 possible values, so it is only safe where the verifier strictly limits failed attempts (as an ATM or phone lock screen does); it is not a substitute for a password on a system an attacker can query without limit.
Another specialized form of password is the passphrase: a relatively long password consisting of a series of words, such as a phrase or a full sentence. An example of a passphrase is “Iamdefinitelyyour#1fan”. The motivation for passphrases is that they can be longer than single-word passwords yet easier to remember than a sequence of arbitrary letters, digits, and special characters such as “72*^dSd!” or “C8ke2.e3:”. However, a simple passphrase such as “iloverocknroll” is built from very common words and is therefore easier for an attacker to guess than “9j%a#F.0”, so a passphrase’s length alone does not make it stronger than other passwords; what matters is how many guesses an attacker who models common words and phrases needs, not how many characters it has. Current NIST guidance (SP 800-63B) makes the same point by favoring length and screening against lists of known-compromised passwords over character-composition rules. The NIST 800 series guidelines provide information security policies to assist in the development of secure password and information systems.
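The contrast between “iloverocknroll” and “9j%a#F.0” can be made concrete by estimating guess cost under two attacker models: naive brute force over the character set (which rewards length) and a dictionary model in which each common word costs roughly the logarithm of its frequency rank (which is how cracking tools and estimators such as zxcvbn actually treat passphrases). The following is an added example, not code from LogmeOnce or from the NIST guidance; the word ranks, the assumed dictionary size, and the blocklist are constructed for illustration and are far smaller than a real cracking wordlist.

```python
import math
import re

# Constructed frequency ranks standing in for an attacker's dictionary
# (rank 1 = the very first guess). Real wordlists have millions of entries;
# these values are assumptions chosen only to illustrate the model.
WORD_RANK = {
    "password": 1, "i": 5, "your": 15, "love": 20, "am": 30, "n": 40,
    "welcome": 60, "rock": 300, "roll": 400, "fan": 900, "definitely": 2000,
}

# Constructed stand-in for an SP 800-63B style list of compromised passwords.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1"}


def charset_size(pw):
    """Size of the union of classic character classes present in pw."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII symbols
    return size


def charset_bits(pw):
    """Naive brute-force estimate: every character drawn uniformly from the
    character classes the password uses. This is what 'length alone' buys."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def segment_words(pw, ranks=WORD_RANK):
    """Greedy longest-match split of the lowercased password into
    dictionary words and leftover single characters."""
    s = pw.lower()
    tokens = []
    i = 0
    while i < len(s):
        match = None
        for j in range(len(s), i, -1):
            if s[i:j] in ranks:
                match = s[i:j]
                break
        if match:
            tokens.append(("word", match))
            i += len(match)
        else:
            tokens.append(("char", s[i]))
            i += 1
    return tokens


def word_model_bits(pw, ranks=WORD_RANK):
    """Dictionary-attack estimate: a word costs log2(rank) guesses, a leftover
    character costs a full brute-force character. Case and leet variations are
    ignored, so this is a lower bound on the attacker's work."""
    if not pw:
        return 0.0
    per_char = math.log2(charset_size(pw))
    bits = 0.0
    for kind, tok in segment_words(pw, ranks):
        bits += math.log2(ranks[tok]) if kind == "word" else per_char
    return bits


def is_blocklisted(pw, blocklist=BLOCKLIST):
    """SP 800-63B style check: reject known-compromised values outright,
    whatever any entropy estimate says."""
    return pw.lower() in blocklist


def strength_report(pw):
    """Both estimates plus the blocklist verdict; the conservative figure
    is the smaller of the two estimates."""
    naive, modeled = charset_bits(pw), word_model_bits(pw)
    return {
        "charset_bits": round(naive, 1),
        "word_model_bits": round(modeled, 1),
        "conservative_bits": round(min(naive, modeled), 1),
        "blocklisted": is_blocklisted(pw),
    }


if __name__ == "__main__":
    for candidate in ("iloverocknroll", "9j%a#F.0", "Iamdefinitelyyour#1fan", "password"):
        print(candidate, strength_report(candidate))
```

Under the naive model the 14-character “iloverocknroll” looks far stronger (about 66 bits) than the 8-character “9j%a#F.0” (about 53 bits); under the word model it drops to about 29 bits because it is five common words in a row, while the random string keeps its 53 bits. “Iamdefinitelyyour#1fan” lands between them, and “password” costs zero guesses before the blocklist is even consulted. A policy that reports only the naive figure will rank passphrases in exactly the wrong order.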