May 9, 2017 06:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ocOfRO3-SvU/nists-draft-to-remove-periodic-password-change-requirements-gets-vendors-approval
NIST's Draft To Remove Periodic Password Change Requirements Gets Vendors' Approval
An anonymous reader writes: A recently released draft of the National Institute of Standards and Technology's digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and altering many of the standards and best practices security professionals use when forming policies for their companies. The new framework recommends, among other things: "Remove periodic password change requirements." There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change it or if there is indication of breach.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ocOfRO3-SvU/nists-draft-to-remove-periodic-password-change-requirements-gets-vendors-approval
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot