Skip to main content
close search
site logo
Dive Brief

NIST shakes up password requirements, vendors approve

Published May 10, 2017
By
Contributing Editor

Dive Brief:

  • Vendors last week approved a recently released draft of the National Institute of Standards and Technology’s (NIST's) digital identity guidelines that revised password security recommendations, altering or eliminating many of the standards and best practices security professionals have used for year, according to CSO Online and Threatpost.

  • "We are glad to see national organizations like NIST recommend an update and change to a paradigm that no longer works," Phil Dunkelberger, CEO of Nok Nok Labs told CSO.

  • The new framework recommends changing some of the oldest recommended password practices, such as periodic password change requirements and arbitrary password complexity requirements requiring a mix of upper case letters, symbols and numbers.

Dive Insight:

The password requirements of yesterday are no longer effective in today’s threat environment. The bad guys know all of the tricks, so NIST wants to get rid of the old and focus on figuring out something new that might actually work.

More tech companies have been moving away from passwords and toward multistep and multifactor authentication and physical keys. Last month, Microsoft revealed phone sign-in for Microsoft accounts, a new sign-in feature that the company says will eliminate the traditional password. Google announced a similar approach last summer.

Other companies are looking for even more unique new ways to verify someone’s identity. Researchers at Binghamton State University recently reported they are experimenting with a new security technique for accessing medical records that would create an encryption key using patients' electrocardiograph readings.

Traditional passwords are easily forgotten and easily stolen. More than three billion user credentials and passwords were stolen in 2016, according to a report from Thycotic and Cybersecurity Ventures. That breaks down to 8.2 million passwords stolen every day and approximately 95 passwords stolen every second. Yahoo alone, for example, disclosed cybercriminals had accessed account information for at least one billion accounts.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell