NIST Blog, Mike Garcia: “…First, I’m going to share the takeaways from our new password guidance. Simply put: Use passphrases, not passwords. Then, I’m going to explain the absolute most important thing to know about passwords: Try not to use them at all. And if you do, don’t rely on passwords, or even passphrases, alone. Over the years, our reliance on passwords, and the ease with which our adversaries can defeat those passwords, resulted in a negative feedback loop where users were subjected to increasingly complex, stressful and exhausting composition rules (upper, lower, and special characters, oh my!), increasing length requirements, password rotation requirements, and on and on. Like pounding out more and more miles faster and faster, these looked like gains on paper but undermined the outcome we wanted: a safer and more convenient online experience…”
Sorry, comments are closed for this post.