
Enzoic Blog

Research, views, and insights on cybersecurity, account takeover, fraud, and more

Viewing Regulation and Compliance


What the NIST Privacy Framework Means for Password Policy

The new draft of the NIST Privacy Framework is ready for public privacy and security expert commentary. Send your feedback by the October 24 deadline.


Are PSD2 SCA Options Too Narrow in Scope?

On 09/14, PSD2 SCA requirements were introduced in the EU. The requirements will help protect customers, but why were lower-customer-friction options not considered?


New Jersey Data Breach Notification Law

As of Sept 1st, 2019, businesses based in New Jersey are now required to notify impacted users of online account information exposed in a data breach.


GDPR Password Policy: Critical Components

Many businesses are still troubled by GDPR compliance and are confused about how the regulation applies to password policy.


Eliminating the Burden of Periodic Password Reset

NIST 800-63b password guidelines can improve users' experience with passwords, including the guideline to stop forcing periodic password resets for users.


A Guide to Law Firm Cybersecurity Risks & Ethical Compliance

Law firms are frequently targeted by hackers but the ABA's Formal Opinion 483 will guide law firm cybersecurity policy to protect firms and their clients.


What’s behind PCI’s New MFA Requirements?

Many have implemented MFA ahead of the new PCI requirement. Let's look at PCI's multi-factor implementation guidance that highlights some considerations, particularly around passwords that may otherwise be overlooked.


NIST Special Publication 800-63 is Final

The big changes to NIST password recommendations we’ve been talking about are now official: NIST 800-63 is final. It’s important to know that this overhaul is about more than just passwords. It’s a full reworking of digital identity guidelines with a suite of new documents and a flexible approach to using them.


Looking Closer at NIST Password Guidelines for Checking Compromised Passwords

NIST suggests passwords should be screened against commonly-used, expected, or compromised passwords. This is intended to ensure passwords are not found in common cracking dictionaries that would make them easy to guess. These checks can occur at account creation and password reset. But then what? How do you know if they are still safe over time?
