NIST password guidelines

A Brief Summary of NIST Password Guidelines

National Institute of Standards and Technology (NIST) has been substantially revising its password guidelines since 2017. Previous recommendations have been changed, including combining symbols, letters, and numeric to create complex passwords; changing passwords frequently; or requiring users to generate passwords of a specified length. The changes address findings from NIST related to the human factors that cause users to create …

Credentials

Exposure of NIH, WHO, and Gates Foundation Credentials Underscores the Critical Importance of Credential Screening

Earlier today, news broke that unknown activists have posted nearly 25,000 credentials belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other organizations engaged in the fight against the coronavirus pandemic. According to Souad Mekhennet and Craig Timberg at the Washington Post, “The lists, whose origins are unclear, appear to have first been posted …

7 Password Problems Solved by Enzoic Password Policy Enforcement

7 Password Problems Solved by Enzoic Password Policy Enforcement

There are many excellent password policy enforcement tools built into Active Directory. But the out-of-the-box AD functionality does not meet all the password standards and new password policy recommendations from NIST and other regulatory organizations. What can organizations do regarding password policy enforcement to increase security and decrease user friction, cost-effectively? The perfect storm of weak passwords More than 21 …