New best practices for passwords
posted Thu 12 Oct 2017 by Michael Galloy under ProgrammingNIST has published new standards for digital identifies. Highlights, via Bruce Schneier, for passwords:
- No password rules! Use pass phrases.
- Don’t expire passwords.
- Allow password managers.
I have written about this before, where I said my personal pet peeve was forced password expiration (#2). I hope organizations start using the new standards quickly!