Poll: NIST advises simpler passwords, but will your hospital update its policies?

Take our poll and we’ll report back on what other hospital IT shops are planning to do.
By Tom Sullivan
02:14 PM

In new draft guidance, the National Institute of Standards and Technology urged healthcare and other IT shops to ease common password requirements.

Instead of mandating that log-in credentials consist of numbers and symbols in addition to letters, NIST said phrases could be more effective.

Today’s strict rules, the argument goes, actually force employees to pick passwords that are easier for them to guess than to remember, and that means they are also easier for hackers to figure out. So it follows that enabling your users to pick a three-word phrase with spaces, for instance, frees them to pick passwords that they won’t forget and, more important, that are harder to decipher.

But this is a major shift from years of widespread password practice. Whether it holds up in the real world or not remains to be seen.

What will your hospital do? Does this mean it’s time to update internal password policies accordingly? Or is it safer to stick with what you have?

All answers are anonymous. We’ll crunch the numbers and share the results to deliver insights on how your hospital peers are taking the new NIST advice.