Password complexity and NIST 800-63-3B
You may have heard about the “new” NIST 800-63-3B password requirements and guidelines. I will cover the highlights of the new guidance for authenticators, where they got it right, and where to be cautious. It is important to highlight the major changes that have taken place and what they mean for individuals and businesses that use passwords to secure their data.
The NIST 800-63-3B guidelines for password management are the most recent version of password security standards from NIST. NIST 800-63-3B is a complete turnaround from what we typically think of as a secure password. You’ll still hear people say the guidance is new, but it was released in June 2017. The IT industry has been rather slow to implement the new guidance in its products and applications. The guidelines provide more flexibility to users while maintaining security standards.
Traditionally, the longer and more complex a password, the harder it...