Wednesday, September 25, 2024

NIST proposes barring some of the most nonsensical password rules


NIST proposes barring some of the most nonsensical password rules

Enlarge (credit: Getty Images)

The National Institute of Standards and Technology (NIST), the federal body that sets technology standards for governmental agencies, standards organizations, and private companies, has proposed barring some of the most vexing and nonsensical password requirements. Chief among them: mandatory resets, required or restricted use of certain characters, and the use of security questions.

Choosing strong passwords and storing them safely is one of the most challenging parts of a good cybersecurity regimen. More challenging still is complying with password rules imposed by employers, federal agencies, and providers of online services. Frequently, the rules—ostensibly to enhance security hygiene—actually undermine it. And yet, the nameless rulemakers impose the requirements anyway.

Stop the madness, please!

Last week, NIST SP 800-63-4, the latest version of its Digital Identity Guidelines. At roughly 35,000 words and filled with jargon and bureaucratic terms, the document is nearly impossible to read all the way through and just as hard to understand fully. It sets both the technical requirements and recommended best practices for determining the validity of methods used to authenticate digital identities online. Organizations that interact with the federal government online are required to be in compliance.

Read 9 remaining paragraphs | Comments

Reference : https://ift.tt/SXIWVE2

No comments:

Post a Comment

NATO’s Emergency Plan for an Orbital Backup Internet

On 18 February 2024, a missile attack from the Houthi militants in Yemen hit the cargo ship Rubymar in the Red Sea. With the crew evacu...