New password guidelines say everything we thought about passwords is wrong

When I recently discovered a draft of new guidelines for password management from NIST (the National Institute of Standards and Technology), I was amazed about the number of very progressive changes they proposed.

Although NIST’s rules are not mandatory for nongovernmental organizations, they usually have a huge influence as many corporate security professionals use them as base standards and best practices when forming policies for their companies. Thus, another fact I was surprised about was a lack of attention to this document, finalized March 31, from both official media and the blogosphere. After all, those changes are supposed to affect literally everyone who browses the Internet.

Malcare WordPress Security