Nexfixit
Share
We provide secure, reliable, and proactive IT services — including managed support, cybersecurity, infrastructure, and website solutions — to keep businesses running smoothly and growing with confidence.
03/20/2026
For years, we were taught password “best practices” that felt secure — but modern guidance has flipped the script.
Old‑School Password Rules 👴
• Change passwords every 60–90 days
• Require symbols, numbers, uppercase, lowercase
• Short passwords (8 characters)
• “Never reuse passwords” (but no real enforcement)
• Security questions as backup access
What NIST Recommends Today ✅
• Longer passwords instead of complex ones (12–16+ characters)
• No forced password changes unless there’s evidence of compromise
• Passphrases > passwords (easy to remember, hard to crack)
• Block known breached passwords
• MFA everywhere — passwords alone aren’t enough
💡 The takeaway:
Security isn’t about making passwords harder for users — it’s about making them harder for attackers.
If your environment is still relying on legacy password rules, it may actually be less secure — and more frustrating — than modern standards.
Small changes. Big security impact.
Click here to claim your Sponsored Listing.
