password

NIST Unveils Major Overhaul of Global Password Security Standards

In an interview published by the Wall Street Journal (WSJ), Bill Burr, the 72-year-old retired former manager at the National Institute of Standards and Technology (NIST) discussed the document he created that ultimately served as the standard by which most major enterprises set their password protocols.

The eight-page document, NIST Special Publication 800-63. Appendix A, included such tips as changing passwords every 90 days, and requiring particular combinations of lowercase and uppercase letters, numbers, and special characters.

WSJ calls it “a sort of Hammurabi Code” for password creation, with the piece noting that humans spend more than 1,300 years per day, cumulatively, on the mere act of typing in passwords.

In the new security guidance, “long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen.” 

The new rules are based on studies that indicate “using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters—since having a large number of letters makes things harder than a smaller number of letters, characters and numbers,” referencing a relevant post from the popular webcomic XKCD:

The rules Burr drafted inadvertently “spawned a generation of widely used and goofy looking passwords such as Pa$$w0rd or Monkey1!” the frequency of which, across the wider population, made passwords easier to guess, not more difficult.

Though Burr says he now regrets much of what he proposed in the 2003 document, and Paul Grassi – the leader of the process to create the new standards – conceded that the team “ended up starting from scratch,” Grassi suggests Burr should not be so critical of the standards he helped formulate.

“He wrote a security document that held up for 10 to 15 years. I only hope to be able to have a document hold up that long.”

Posted in General News

Tags: cybersecurity, cyber, cyber crime

Print Email

Add comment


Security code
Refresh

This Week on FEDtalk

This Week on FEDtalk: Running Late for (Presidential) Appointments

Tune in to FedTalk this week for a discussion on the presidential appointment process, including the history of presidential appointments, and the possible risks associated with a historically slow risk of appointments, as well as a spate of acting appointments on which the clock is running out.

Read more ...

Hear it from FLEOA

FLEOA Foundation 2016 Custom Corvette Z06 Raffle

The Federal Law Enforcement Officers Association (FLEOA) Foundation and the National Law Enforcement Officers Memorial Fund (NLEOMF) teamed up to raffle a 2016 Custom Built Wide Body Chevrolet Corvette Zo6.

Read more ...
FEDagent

FEDagent.com

The free weekly e-report for Federal Law Enforcement

Get in touch with us

Email FEDagent publisher

Copyright 2017 FEDagent.com
Hosted by Peak Media Company, LLC