
SoylentNews is people

posted by martyb on Friday August 19 2016, @07:32PM   Printer-friendly
from the keeping-things-to-yourself dept.

The latest NIST (United States National Institute of Standards and Technology) guidelines on password policies recommend a minimum of 8 characters. Perhaps more interesting is what they recommend against. They recommend against allowing password hints, requiring the password to contain certain characters (like numeric digits or upper-case characters), using knowledge-based authentication (e.g., what is your mother's maiden name?), using SMS (Short Message Service) for two-factor authentication, or expiring passwords after some amount of time. They also provide recommendations on how password data should be stored.

[Ed. Note: Contrary to common practice, I would advocate reading the entire linked article so we can have an informed discussion on the many recommendations in the proposal. What has been your experience with password policies? Do the recommendations rectify problems you have seen? Is it reasonable to expect average users to follow the recommendations? What have they left out?]


  • (Score: 2) by Snow on Friday August 19 2016, @09:28PM


    I have a handful of passwords but most logins use the same insecure password. Do I care if my soylent login gets hacked? Not really, so insecure password it is. I have a work password that meets work requirements and has a number tacked on the end so when it expires, I increment the number.

    Finally I have my 'super-secure' password, which is a derivative of my deceased dog's ear tattoo number. It seemed like a good idea, because if I ever forgot it, I could just call her over and take a peek.

    Anyways, my password strategy is complete shit, but convenient, and I like it that way.

    As a side note, one of my email accounts was compromised. My ISP locked the account and I had to call them to unlock it. They made me choose a long password. I have no idea what it is. I had to change it to log in when I changed my mobile device. That was less than a week ago, and I tried to log in today, and I have no idea what the password is anymore - super annoying.

  • (Score: 2) by Dr Spin on Saturday August 20 2016, @08:56AM


    That is why you put it on a post-it note on the monitor!

    --
    Warning: Opening your mouth may invalidate your brain!