NIST Unveils Major Overhaul of Global Password Security Standards

In an interview published by the Wall Street Journal (WSJ), Bill Burr, the 72-year-old retired former manager at the National Institute of Standards and Technology (NIST), discussed the document he created that ultimately served as the standard by which most major enterprises set their password protocols.

The eight-page document, NIST Special Publication 800-63, Appendix A, included such tips as changing passwords every 90 days and requiring particular combinations of lowercase and uppercase letters, numbers, and special characters.

WSJ calls it “a sort of Hammurabi Code” for password creation, with the piece noting that humans spend more than 1,300 years per day, cumulatively, on the mere act of typing in passwords.

In the new security guidance, “long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen.” 

The new rules are based on studies that indicate “using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters—since having a large number of letters makes things harder than a smaller number of letters, characters and numbers,” referencing a relevant post from the popular webcomic XKCD.

The rules Burr drafted inadvertently “spawned a generation of widely used and goofy looking passwords such as Pa$$w0rd or Monkey1!”, the frequency of which, across the wider population, made passwords easier to guess, not more difficult.
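The contrast described above, as an added example that is not from the article, the WSJ piece or NIST: a 2003-style composition rule next to a length-plus-blocklist check, run over the two passwords the article names and one constructed four-word phrase. The blocklist, the substitution table, the 8- and 12-character minimums and the function names are assumptions made for illustration.

```python
import re

# Constructed sample blocklist; a real deployment would load a large list of
# commonly used and known-breached passwords.
COMMON = {"password", "monkey", "qwerty", "letmein"}

# Character substitutions undone before the blocklist lookup (assumed set).
SUBSTITUTIONS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e"})

MIN_LENGTH = 12  # assumed threshold, not a value given in the article


def old_composition_rule(pw):
    """2003-style check: 8+ characters with upper, lower, digit and special."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def normalise(pw):
    """Lowercase, drop trailing digits/punctuation, undo substitutions."""
    core = pw.lower().rstrip("0123456789!?.#*")
    return core.translate(SUBSTITUTIONS)


def length_and_blocklist_rule(pw):
    """Reject disguised common passwords first, then require length."""
    if normalise(pw) in COMMON:
        return False, "matches a commonly used password"
    if len(pw) < MIN_LENGTH:
        return False, "shorter than %d characters" % MIN_LENGTH
    return True, "ok"


def compare(candidates):
    """Return {password: (passes_old_rule, passes_new_rule, reason)}."""
    results = {}
    for pw in candidates:
        accepted, reason = length_and_blocklist_rule(pw)
        results[pw] = (old_composition_rule(pw), accepted, reason)
    return results


if __name__ == "__main__":
    # "maple tractor window sonnet" is a constructed sample phrase.
    samples = ["Pa$$w0rd", "Monkey1!", "maple tractor window sonnet"]
    for pw, (old, new, reason) in compare(samples).items():
        print("%-30s old rule: %-5s new rule: %-5s (%s)" % (pw, old, new, reason))
```

Both passwords named in the article satisfy the composition rule yet reduce to blocklisted words once the substitutions are undone, while the four-word phrase fails the composition rule and passes the length-based check.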

Though Burr says he now regrets much of what he proposed in the 2003 document, and Paul Grassi – the leader of the process to create the new standards – conceded that the team “ended up starting from scratch,” Grassi suggests Burr should not be so critical of the standards he helped formulate.

“He wrote a security document that held up for 10 to 15 years. I only hope to be able to have a document hold up that long.”

FEDagent.com

The free weekly e-report for Federal Law Enforcement


Copyright 2019 FEDagent.com
Hosted by Peak Media Company, LLC