Vendors approve of NIST password draft

A recently released draft of the National Institute of Standards and Technology’s digital identity guidelines has met with approval by vendors.

The draft guidelines revise password security recommendations and altering many of the standards and best practices security professionals use when forming policies for their companies.

The new framework recommends, among other things:

  • Remove periodic password change requirements

There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change it or if there is indication of breach.

To read this article in full or to leave a comment, please click here


Leave a Reply