By Jackson Shaw, September 11th, 2017
Recent guidance from NIST may seem counterintuitive.
Despite the publicity about breaches, ransomware, and the like, we’re still using some pretty dumb passwords. Users typically aim for passwords that are easy to remember for their multiple logins, which they are asked to change frequently. Unfortunately, this has led to too many passwords that are far too easy to hack, causing one of security’s biggest headaches.
SplashData posted its sixth annual most common passwords list in February, based on data taken from 5 million leaked emails over the year. Not surprisingly, variations of “password” and “123456” were ranked the top two most commonly used. Other highly used passwords include these:
The US National Institute of Standards and Technology (NIST) faced the problem head-on in its recent recommendations, Special Publication 800-63-3: Digital Authentication Guidelines, released in June. Across many of NIST’s recommendations, you’ll spot a theme of relaxing some policies (yes, relaxing, despite breaches being on the rise). I’ve highlighted a few of NIST’s recommendations below, and provided my perspective as an identity and access management expert.