Rethinking password security for accountants - Wisconsin Institute of Certified Public Accountants

Accounting professionals are no strangers to compliance standards, but when it comes to password policies, many firms still follow outdated practices. For years, conventional wisdom promoted short, complex passwords with symbols, mandatory resets and rigid rules.

But the National Institute of Standards and Technology, the federal agency that develops guidelines for information security, now recommends a different approach. Their latest publication, NIST SP 800-63B, emphasizes password length and usability over complexity.

It’s a shift designed to improve both cybersecurity and user experience across all industries — especially in fields like accounting, where sensitive client data is the backbone of operations. Consider these practical tips.