password

NIST Unveils Major Overhaul of Global Password Security Standards

In an interview published by the Wall Street Journal (WSJ), Bill Burr, the 72-year-old retired former manager at the National Institute of Standards and Technology (NIST) discussed the document he created that ultimately served as the standard by which most major enterprises set their password protocols.

The eight-page document, NIST Special Publication 800-63. Appendix A, included such tips as changing passwords every 90 days, and requiring particular combinations of lowercase and uppercase letters, numbers, and special characters.

WSJ calls it “a sort of Hammurabi Code” for password creation, with the piece noting that humans spend more than 1,300 years per day, cumulatively, on the mere act of typing in passwords.

In the new security guidance, “long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen.” 

The new rules are based on studies that indicate “using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters—since having a large number of letters makes things harder than a smaller number of letters, characters and numbers,” referencing a relevant post from the popular webcomic XKCD:

The rules Burr drafted inadvertently “spawned a generation of widely used and goofy looking passwords such as Pa$$w0rd or Monkey1!” the frequency of which, across the wider population, made passwords easier to guess, not more difficult.

Though Burr says he now regrets much of what he proposed in the 2003 document, and Paul Grassi – the leader of the process to create the new standards – conceded that the team “ended up starting from scratch,” Grassi suggests Burr should not be so critical of the standards he helped formulate.

“He wrote a security document that held up for 10 to 15 years. I only hope to be able to have a document hold up that long.”

Posted in General News

Tags: cybersecurity, cyber, cyber crime

Print

This Week on FEDtalk

An Inside Look at Whistleblowing

Tune in to FEDtalk this Friday for a fascinating look into the federal whistleblowing process.  Joining host Debra Roth will be the founders of Whistleblower Aid, John Tye and Mark Zaid. 

Read more ...

Hear it from FLEOA

An Update on the OPM Cyber Breach

In the wake of the most recent data breach of Equifax, FLEOA has provided an update on the June 2015 Office of Personnel Management (OPM) data breach to include claims, lawsuits and legislation.

Read more ...
FEDagent

FEDagent.com

The free weekly e-report for Federal Law Enforcement

Get in touch with us

Email FEDagent publisher

Copyright 2018 FEDagent.com
Hosted by Peak Media Company, LLC