US government standards office says periodic password changes aren’t necessary 

New guidelines from the US National Institute of Standards and Technology (NIST), expected to be released this summer, suggest that periodic password changes are no longer necessary. The report also recommends changes to several other password policies that have become antiquated in the modern computing environment:Allow at least 64 characters in length to support the use of passphrases.Encourage users to make memorized secrets as lengthy as they want, using any characters they like (including spaces), thus aiding memorization.Do not impose other composition rules (e.g. mixtures of different character types) on memorized secrets.These requirements will bring standards closer to what security experts currently recommend, and what this often-cited XKCD comic illustrates:

Source: US government standards office says periodic password changes aren’t necessary — Quartz

Advertisements
Categories: Uncategorized

Post navigation

Comments are closed.

Create a free website or blog at WordPress.com.

%d bloggers like this: