NIST Update: Passphrases In, Complex Passwords Out

mkorovesisduo
Level 4

NIST released new standards for password security in June in their final version of the SP 600-83 docs. Federal agencies and contractors use NIST’s standards as guidelines on how to secure digital identities.

In 2003, NIST manager Bill Burr made up the now-infamous “best practices” for passwords, including complexity with regard to special characters, capitalization, numerals, and so on. He recently admitted to The Wall Street Journal that he regretted doing so, as his suggestions only increased user frustration while having little effect on security. The new NIST guidelines recommend using long passphrases instead of complex passwords.

Check out our latest blog by Thu Pham for many more new recommendations from NIST on password best practices.

1 Reply

buddhake
Level 1

These adjustments are a long time coming and everyone I speak to is excited to get these into practice. Has anyone put thought to how to address these enhancements whilst we wait for regulations/contracts that are more prescriptive (e.g. hard coded with 8 characters, 1 special, 1 numeral, 1 upper, etc.)? It would be easier if references had been made to being compliant with the guideline/standard itself, but in many cases the details are what is documented.
