Category Archives: Security

Password Pandemonium: NIST 800-63B Changes Things Up!

If you are like me, the thought of having to change your password every however-many-days has become something that I despise as much as I accept as a fact of ‘life in the digital age’. That was until this past June as it appears that the National Institute of Standards and Technology (NIST) has changed their thinking and in June 2017 published an update to NIST 800-63B that is no longer recommending periodic rotation of passwords, mixed case with at least some special characters…you know the drill.

I have a link below to the full 800-63B document and a screen grab of the section (see below) where they specifically detail the fact that all those password ‘best practices’ aren’t really ‘the best’ or needed after all.  Definitely some food for thought and I for one can’t wait for these changes to take effect…although I am not holding my breath!  I would write more here, but I need to start planning on my next 20 character long, mixed-case, special-character-laden password that doesn’t match my previous 15 passwords…

/dev/null

NIST-800-63B-DigitalIdentityGuidelines-AuthandLifestyleManagement-JUN2017-12142017