Below you'll find a list of all posts that have been tagged as “NIST Password Guidelines”
The 2022 Experian Data Breach Industry report covers the impact of breaches over the past year and turns an eye towards the upcoming months as well, forecasting implications for the continued barrage of cyberattacks. The report covers trends in the digital landscape that have manifested due to natural disasters and gambling sites (leading to more phishing scams), as well as …
Password authentication isn’t going anywhere anytime soon. It’s part of our culture, users and employees are accustomed to it, and many systems depend on the “what you know” layer. Newer technologies like biometrics might work in certain situations, but they won’t replace passwords altogether anytime soon. In our series on password security, we’ve talked about some worrying trends, the myths …
People have been relying on password-based security for millennia. The Roman military reportedly used what they called “watchwords” to identify soldiers on patrol. Exclusive groups and guilds used secret passwords to prove membership. The phrase “open sesame” protected hidden treasure in the story of Ali Baba and the Forty Thieves. In more recent times, the world’s first computer passwords were installed …
There is no evidence to suggest that data breaches will become less frequent or less serious in 2021. In fact, as more of the population now works from how the risks are increasing. To counter this threat, organizations really need to upgrade their risk management strategy to pinpoint the reasons why and how so many companies and individuals are being …
One of the most effective ways to increase the strength of your network’s security is to screen users’ passwords against a list of dictionary passwords and known compromised passwords. Password vulnerabilities remain a major entry point for hackers. Over the last few years, password policy has evolved in significant ways. NIST password guidelines now indicate that using a password blacklist …
How Hackers Are Actually Using Exposed Passwords to Infiltrate Active Directory Recent reports like the Verizon DBIR have noted that stolen credentials are often the foothold that attackers use to compromise networks and systems. A simple phishing or credential stuffing attack becomes the entry point for a much larger enterprise, like data theft, ransomware, or system hijacking. This is rather …
Working from home used to seem something of a luxury, reserved for those whose work might not rely on customer interaction or face to face meetings. But since April of this year, the number of people working from home has dramatically increased, due to the risks associated with COVID-19. This trend has spanned most major sectors of the industry—education, healthcare, …
Why organizations need to react urgently to the state of password security, according to data from 451 Research In a recent brief titled “Love ‘em or Hate ‘em, Passwords Are Here to Stay,” 451 Research indicated that despite the stirrings of a passwordless revolution, the widespread use of passwords won’t be changing in the foreseeable future. The 451 brief points …
National Institute of Standards and Technology (NIST) has been substantially revising its password guidelines since 2017. Previous recommendations have been changed, including combining symbols, letters, and numeric to create complex passwords; changing passwords frequently; or requiring users to generate passwords of a specified length. The changes address findings from NIST related to the human factors that cause users to create …
Earlier today, news broke that unknown activists have posted nearly 25,000 credentials belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other organizations engaged in the fight against the coronavirus pandemic. According to Souad Mekhennet and Craig Timberg at the Washington Post, “The lists, whose origins are unclear, appear to have first been posted …
