Today the National Academy of Security and Technology Equipment (NASTE) published a draft of their newest cybersecurity publication, SP 123456789, Password Selection for Little Used Applications with No Access to Sensitive Information. This publication was designed to provide guidance on how to select a password for access to free publications and stand-alone applications that provide no access to personally identifiable information.
Kate Libby, a researcher with Dragonfire Cyber, and one of the co-authors of the draft, explained: “The proliferation of devices and applications requiring a unique password for adequate cybersecurity protections has made it increasingly difficult for the average person to keep track of the multiple passwords. We need to make it simpler for people to remember their passwords by using realistic passwords for devices and applications where system compromise will have minimal impact on individual security.
In addition to selection of easily remembered passwords, a chapter of the proposed standard discusses the use of fake names and fictional biographic data when signing up for access to devices and accounts where there are few or limited security concerns.