password

NIST Unveils Major Overhaul of Global Password Security Standards

In an interview published by the Wall Street Journal (WSJ), Bill Burr, the 72-year-old retired former manager at the National Institute of Standards and Technology (NIST) discussed the document he created that ultimately served as the standard by which most major enterprises set their password protocols.

The eight-page document, NIST Special Publication 800-63. Appendix A, included such tips as changing passwords every 90 days, and requiring particular combinations of lowercase and uppercase letters, numbers, and special characters.

WSJ calls it “a sort of Hammurabi Code” for password creation, with the piece noting that humans spend more than 1,300 years per day, cumulatively, on the mere act of typing in passwords.

In the new security guidance, “long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen.” 

The new rules are based on studies that indicate “using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters—since having a large number of letters makes things harder than a smaller number of letters, characters and numbers,” referencing a relevant post from the popular webcomic XKCD:

The rules Burr drafted inadvertently “spawned a generation of widely used and goofy looking passwords such as Pa$$w0rd or Monkey1!” the frequency of which, across the wider population, made passwords easier to guess, not more difficult.

Though Burr says he now regrets much of what he proposed in the 2003 document, and Paul Grassi – the leader of the process to create the new standards – conceded that the team “ended up starting from scratch,” Grassi suggests Burr should not be so critical of the standards he helped formulate.

“He wrote a security document that held up for 10 to 15 years. I only hope to be able to have a document hold up that long.”

Posted in General News

Tags: cybersecurity, cyber, cyber crime

Print

This Week on FEDtalk

Sorting Through Cybersecurity Part 2: An Internal Agency Perspective

Tune in to FEDtalk this week for a discussion on Cybersecurity Awareness Month. A few weeks ago we heard from industry leaders about top cybersecurity concerns. This week, the individuals leading efforts to combat cyber threats in government will join us to discuss their work.

Read more ...

Hear it from FLEOA

FLEOA Elects New National Officers at Bi-Annual Conference

Last week, the Federal Law Enforcement Officers Association elected the following National Officers at the 25th National Conference held in College Park, Maryland:

Read more ...
FEDagent

FEDagent.com

The free weekly e-report for Federal Law Enforcement

Get in touch with us

Email FEDagent publisher

Copyright 2019 FEDagent.com
Hosted by Peak Media Company, LLC