NIST Revamps Password Guidelines to Combat User Fatigue and Enhance Security
Cybersecurity Dive
|
Contributed by: Drex DeFord
Summary
Recent updates to password guidelines from the National Institute of Standards and Technology (NIST) focus on simplifying password management for users by advising that passwords should only be changed when a compromise is suspected. NIST now recommends using longer passwords, ideally at least 15 characters, and encourages the use of passphrases. Despite these changes, many organizations still rely on passwords for regulatory reasons and due to outdated systems that limit modern authentication methods. Experts suggest that a shift towards more comprehensive identity governance strategies is essential, advocating for technologies like zero trust architectures to better safeguard against identity-based threats.
