Sanity Prevails Finally! Your passwords don’t need so many fiddly characters, NIST says
"The US National Institute of Standards and Technology has released its latest guidelines for password creation, and it comes with some serious changes. Gone are the days of resetting your and your employees’ passwords every month or so, and no longer should you or your small business worry about requiring special characters, numbers, and capital letters when creating those passwords. Further, password hints and basic security questions are no longer suitable means of password recovery, and password length, above all other factors, is the most meaningful measure of strength."
It looks like finally the last 10 years of security researchers recommendations have been taken on board. Why now suddenly? I have no idea, but I am glad that sanity is finally prevailing.
It was a few years back that the originator of that d**n 30 day password change idea admitted there were no grounds actually for it.
Password length is really the key criteria. So a well-chosen phrase can now be easier to remember as well as being more difficult to crack.
Of the course, the big challenge will be, how many years will it be before organisations actually adopt this change...
See
Your passwords don't need so many fiddly characters, NIST says
There are new rules for your password—and the passwords of your employees. Read NIST's latest guidance on password security.
#
technology #
passwords #
security
Like Us
Support Hubzilla
