The National Institute of Standards and Technology (NIST) has released new guidelines for password security, marking a significant shift from traditional practices. Key changes include:
- Password Complexity: NIST no longer recommends composition requirements such as mixing character classes. Instead, it emphasizes longer passwords, suggesting a minimum of 8 characters and allowing up to 64 characters for passphrases.
- Periodic Changes: Mandatory periodic password changes are discouraged. Passwords should only be changed when there’s evidence of compromise.
- Weak Passwords: Organizations should block commonly used or compromised passwords and avoid password hints or knowledge-based questions.
- Multi-Factor Authentication: NIST strongly encourages the use of multi-factor authentication (MFA) for added security.
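As an added example (not part of the original summary or of NIST's own text), the following Python verifier check implements the length and blocklist rules listed above beside the legacy composition-rule policy they replace. The blocklist contents and the 16-character cap in the legacy policy are constructed assumptions for illustration.

```python
"""Password acceptance checks: legacy composition rules vs. the NIST SP 800-63B approach."""

# Constructed stand-in for a list of commonly used or previously breached passwords.
# A real deployment would load a large list or query a breach-corpus service.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1", "p@ssw0rd"}

MIN_LENGTH = 8   # NIST-recommended minimum
MAX_LENGTH = 64  # NIST-recommended ceiling so passphrases are not rejected


def legacy_check(password: str) -> list[str]:
    """Traditional policy: short cap plus mandatory character classes.

    Returns the list of rule violations (empty list means accepted).
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(password) > 16:  # assumed legacy cap, common in older systems
        problems.append("longer than 16 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbol")
    return problems


def nist_check(password: str) -> list[str]:
    """NIST-aligned policy: length bounds and a blocklist, no composition rules.

    Returns the list of rule violations (empty list means accepted).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    # Case-insensitive match so trivial capitalisation variants of a blocked value are caught too.
    if password.lower() in BLOCKLIST:
        problems.append("appears on the commonly used / compromised list")
    return problems


if __name__ == "__main__":
    for candidate in ("correct horse battery staple", "P@ssw0rd"):
        print(repr(candidate), "legacy:", legacy_check(candidate), "nist:", nist_check(candidate))
```

Note how the long passphrase fails the legacy policy on three counts but passes the NIST check, while "P@ssw0rd" satisfies every composition rule yet is rejected because it is on the blocklist.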
NIST Special Publication 800-63B. (n.d.). https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
Baran, G. (2024, September 27). NIST recommends new rules for password security. Cyber Security News. https://cybersecuritynews.com/nist-rules-password-security/