In June, NIST released new standards for password security in the final version of its SP 600-83 documents. Federal agencies and contractors use NIST’s standards as guidelines on how to secure digital identities.
In 2003, NIST manager Bill Burr came up with the now-infamous “best practices” for passwords, including complexity requirements for special characters, capitalization, numerals, and so on. He recently admitted to The Wall Street Journal that he regretted doing so, as his suggestions only increased user frustration while having little effect on security. The new NIST guidelines recommend using long passphrases instead of complex passwords.
Check out our latest blog by Thu Pham for many more new recommendations from NIST on password best practices.