What’s Your Password Management Strategy? Learn Best Practices at HIMSS 2018

Password management for the enterprise can be complex. It’s also often ineffective in decreasing cybersecurity risk. The National Institute of Standards and Technology (NIST) has long been the authority on password management. For decades, NIST did not make any significant changes, until now. If you are unfamiliar with the new guidelines or want to learn more about how they should impact your password management strategy, then join us at HIMSS.


Cybersecurity is always a main topic at HIMSS, and in turn so is password management. The new NIST password security guidelines are intended to simplify passwords and make them more secure. This substantially changes many of the standards and best practices that security experts have relied on when forming enterprise policies.

NIST changes overview

These are three of the most significant changes.

  • Removing periodic password change requirements: research has shown that forcing regular password changes does not enhance password security and is in fact counterproductive.
  • Dropping algorithmic complexity requirements: forget mandated uppercase letters, symbols or numbers. As with password changes, research shows these rules result in worse passwords.
  • Requiring screening of new passwords against lists of commonly used or compromised passwords: this guideline should push users to be a bit more creative.
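
The second and third changes can be compared side by side: a composition rule accepts predictable passwords that a blocklist screen rejects, and rejects a long passphrase that the screen accepts. This is an added example, not code from the article or from NIST; the blocklist entries, sample passwords and function names are constructed for illustration, and the 8-character minimum comes from NIST SP 800-63B rather than from this page.

```python
import re
import unicodedata

MIN_LENGTH = 8  # minimum length from NIST SP 800-63B (assumption: not stated on the page)
BLOCKED = "on blocklist of common or compromised passwords"


def normalize(pw):
    """NFKC-normalize and casefold so trivial case variants still match."""
    return unicodedata.normalize("NFKC", pw).casefold()


# Constructed sample list; a real deployment loads a large corpus of
# commonly used and breached passwords instead.
SAMPLE_BLOCKLIST = {normalize(p) for p in
                    ("Password1!", "Summer2018!", "Welcome1", "qwerty123", "letmein")}


def legacy_policy_ok(pw):
    """Old-style composition rule: length >= 8 plus upper, lower, digit, symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def screen_new_password(pw, blocklist=SAMPLE_BLOCKLIST):
    """Screening approach: a length floor and a blocklist lookup, no composition rules."""
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    if normalize(pw) in blocklist:
        return False, BLOCKED
    return True, "ok"


def compare(passwords):
    """Map each password to (legacy_ok, screening_ok, screening_reason)."""
    return {pw: (legacy_policy_ok(pw), *screen_new_password(pw)) for pw in passwords}


if __name__ == "__main__":
    # Constructed candidate passwords.
    samples = ["Password1!", "Summer2018!", "correct horse battery staple", "letmein"]
    for pw, (legacy, accepted, reason) in compare(samples).items():
        print(f"{pw!r:32} legacy={legacy!s:5} screening={accepted!s:5} ({reason})")
```
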

Join our HIMSS session

To discuss these NIST guideline changes and more, our CEO and Founder, Krishna Kurapati, a cybersecurity expert, will present on the topic during this year’s HIMSS Conference. Krishna will share how these new guidelines can improve network security, while also turning your workforce into an asset, rather than a liability. Attend Rethinking Password Management in 2018 on Tuesday, March 6 from 10:30 to 10:50 AM, at Titian Booth 8600. This session is perfect for CIOs, CTOs and senior IT professionals, who develop enterprise password management strategies. Don’t miss this engaging, candid conversation about what password management should look like in the modern enterprise. You can also test drive QliqSOFT while at HIMSS. Sign up for a quick demo before the show.

Frequently Asked Questions

Find answers to common questions about this topic.

NIST updated their guidelines because research showed that traditional practices like mandatory periodic password changes and complex algorithmic requirements were actually counterproductive and resulted in weaker passwords. The new guidelines aim to simplify password management while improving security effectiveness.

Healthcare organizations need to revise their enterprise password policies by eliminating mandatory password rotation, removing complex character requirements, and implementing screening against compromised password databases. These changes can transform the workforce from a security liability into an asset while maintaining HIPAA compliance.

Instead of mandating uppercase letters, symbols, and numbers, healthcare IT teams should focus on screening new passwords against lists of commonly used or compromised passwords. This approach encourages more creative, unique passwords while reducing user frustration and security vulnerabilities.

Yes, the new NIST guidelines are particularly beneficial for healthcare environments as they reduce password fatigue among clinical staff while improving actual security. The focus on screening against compromised passwords and eliminating counterproductive complexity requirements enhances protection of sensitive patient data.

Healthcare organizations can implement automated password screening tools that check new passwords against databases of known compromised or commonly used passwords during password creation. This prevents users from selecting weak passwords while maintaining compliance with updated cybersecurity standards.

Written by Ben Henson, Healthcare IT Specialist

Healthcare IT specialist with expertise in HIPAA compliance and secure messaging.
