The team of cyber experts at Tesserent cyber security solutions by Thales, one of Australia’s largest cybersecurity companies, has picked up on the recent new advice regarding forcing users to regularly change their passwords. NIST recommends that using a long password or passphrase is better than a shorter but complex password.
Mark Jones, Senior Partner, Tesserent, says, “NIST recommends increasing password length rather than complexity. The onus on implementation of this means that IT teams across Australia need to update systems in alignment with the new directive and a new education awareness campaign is required to inform consumers and support them through the changes.
“This is a significant shift in the messaging the industry and the Federal Government has strongly pushed to consumers about passwords. Without explaining the reasons to consumers there is going to be confusion. It requires all of us to now pivot our messaging on this key issue in the fight to keep Australia cyber secure,” he stresses.
Mark highlights that this change is being made because there are now better tools available to manage passwords. With over 24 billion stolen credentials believed to be available online, new tools such as passkeys offer stronger protection because they cryptographically protect user credentials when users log into systems.
“However, with passwords still in widespread use, it is important that people do not use the same password across multiple services and sites,” Mark stresses. Password manager software can help create and manage unique passwords so one stolen password does not mean all your online identities are compromised. “And, wherever possible, enable multi-factor authentication (MFA) so a stolen or compromised password does not mean a cyber-criminal can gain all the keys to your online jewels,” Mark adds.