By Michael Mimoso, May 3, 2017
A comment period has closed on NIST’s new password guidelines for federal agencies, which challenge the effectiveness of traditional authentication practices such as an insistence on complex passwords and scheduled resets.
As more tech companies move away from passwords and toward multistep and multifactor authentication, and physical keys, NIST’s guidance accelerates the conversation for the U.S. government.
The document also proposes that passwords be checked against blacklists of unacceptable credentials, including passwords already exposed in breaches, dictionary words, and repetitive or sequential characters. The overall marching orders, however, are to relieve the user frustration caused by decades of memorizing an overbearing number of passwords just to get a job done.
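The blacklist screening described above, sketched as an added example that is not part of the original article or of NIST's document. The sample lists, the run length of 4, the case-insensitive matching and all function names are assumptions chosen for illustration.

```python
import re

# Constructed sample lists (assumption): a real deployment would load a
# breach corpus and a full dictionary instead of these few entries.
BREACHED = {"password1", "letmein2017", "qwerty123"}
DICTIONARY = {"password", "dragon", "sunshine", "welcome"}


def has_repetitive_run(pw, run=4):
    """True if any single character repeats `run` or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def has_sequential_run(pw, run=4):
    """True if `run` or more characters ascend or descend by one code point,
    e.g. 'abcd', '1234' or '9876'."""
    for step in (1, -1):
        count = 1
        for a, b in zip(pw, pw[1:]):
            count = count + 1 if ord(b) - ord(a) == step else 1
            if count >= run:
                return True
    return False


def screen_password(pw):
    """Return the list of rejection reasons; an empty list means accepted.

    Matching is case-insensitive (assumption) so that 'Password1' is
    treated the same as the breached 'password1'.
    """
    lowered = pw.lower()
    reasons = []
    if lowered in BREACHED:
        reasons.append("breached")
    if lowered in DICTIONARY:
        reasons.append("dictionary")
    if has_repetitive_run(lowered):
        reasons.append("repetitive")
    if has_sequential_run(lowered):
        reasons.append("sequential")
    return reasons


if __name__ == "__main__":
    for candidate in ("Password1", "aaaaaaaa", "abcd1234",
                      "correct horse battery staple"):
        print(candidate, "->", screen_password(candidate) or "accepted")
```

Note that the check imposes no character-class composition rule: a long passphrase passes while short "complex-looking" strings that appear on a blacklist do not.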