{"id":8,"date":"2023-09-19T19:27:54","date_gmt":"2023-09-19T19:27:54","guid":{"rendered":"https:\/\/blog.nfrontsecurity.com\/?p=8"},"modified":"2023-11-22T17:11:35","modified_gmt":"2023-11-22T17:11:35","slug":"ncsc-password-guidance-and-recommendations","status":"publish","type":"post","link":"https:\/\/nfrontsecurity.com\/blog\/ncsc-password-guidance-and-recommendations\/","title":{"rendered":"NCSC Password Guidance and Recommendations"},"content":{"rendered":"\n

The NCSC (National Cyber Security Centre) provided guidance for Systems Administrators to simplify their approach to passwords. This guidance is not mandatory, but rather recommendations to eliminate the risk of breaches due to weak passwords on a company network. Furthermore, NCSC\u2019s guidance is intended to reduce the daunting task of users having to recall complex password requirements. From an initial standpoint, NCSC resembles NIST compliance. NIST compliance\u2019s general concept is to eliminate complex passwords by requiring longer passwords. In other words, they would prefer for users to create a password like I ate pineapple for breakfast<\/em> than monkey#BUSINESS77<\/em>. For more information about NIST, click here<\/a>.<\/p>\n\n\n\n

For background knowledge, NCSC is a part of the GCHQ (Government Communications Headquarters). GCHQ is partners with Secret Intelligence Services (MI6) and MI5. The ultimate goal of both NCSC and GCHQ is to keep people safe.<\/p>\n\n\n\n

The NCSC password security guidance begins with how passwords are cracked. According to NCSC, passwords are cracked by: interception, brute force, searching, stealing passwords, manual guessing, shoulder surfing, social engineering, and key logging. Here are descriptions for what each method means:<\/p>\n\n\n\n