Why Relaxing Our Password Policies Might Actually Bolster User Safety

By Jackson Shaw September 11th, 2017


Recent guidance from NIST may seem counterintuitive.


Despite the publicity about breaches, ransomware, and the like, we’re still using some pretty dumb passwords. Users typically aim for passwords that are easy to remember for their multiple logins, which they are asked to change frequently. Unfortunately, this has led to too many passwords that are far too easy to hack, causing one of security’s biggest headaches.


SplashData posted its sixth annual most common passwords list in February, based on data taken from 5 million leaked emails over the year. Not surprisingly, variations of “password” and “123456” were ranked the top two most commonly used. Other highly used passwords include these:


  • football
  • princess
  • welcome
  • hottie
  • admin

The US National Institute for Standards and Technology (NIST) faced the problem head on in its recent recommendations, Special Publication 800-63-3: Digital Authentication Guidelines, released in June. Across many of NIST’s recommendations, you’ll spot a common theme: relax some policies — yes, relax, despite breaches being on the rise. I’ve highlighted a few of NIST’s recommendations below, and provided my perspective as an identity and access management expert.

