Vendors approve of NIST password draft

A recently released draft of the National Institute of Standards and Technology’s digital identity guidelines has met with approval by vendors.

The draft guidelines revise password security recommendations and altering many of the standards and best practices security professionals use when forming policies for their companies.

The new framework recommends, among other things:

  • Remove periodic password change requirements

There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change it or if there is indication of breach.

To read this article in full or to leave a comment, please click here

from CSO Online Data Protection http://www.csoonline.com/article/3195181/data-protection/vendors-approve-of-nist-password-draft.html#tk.rss_dataprotection

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s