New best practices for passwords
posted Thu 12 Oct 2017 by Michael Galloy under Programming

NIST has published new standards for digital identities. Highlights, via [Bruce Schneier], for passwords:
1. No password rules! Use pass phrases.
2. Don't expire passwords.
3. Allow password managers.
I have written about this [before], where I said my personal pet peeve was forced password expiration (#2). I hope organizations start using the new standards quickly!
[before]: http://michaelgalloy.com/2017/03/16/i-hate-password-rules.html "I hate password rules"
[Bruce Schneier]: https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html "Changes in Password Best Practices"