NIST’s new password rules – what you need to know

contributor : May 29, 2017

Category One

One of the biggest changes proposed by the new NIST Digital Identity Guidelines is getting rid of mandatory password changes.  This would mean no longer changing your password every 90 days, which I agree with and most users will welcome with open arms.

This, along with a few other interesting twists make this well worth a read.

If you don't want to read the whole document, Chester Wisniewski over at Sophos did a great job of summarizing the key points here:
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/
New FFIEC IT Management Booklet: What your Board Needs to Know

New FFIEC IT Management Booklet: What your Board Needs to Know

Chris Bedel : Dec 9, 2015

Gone are the days where the Board of Directors at a financial institution could assign the responsibility of Information Security (now called...

Category One
Read More

FFIEC Cyber Tool Needs Urgent Revamp

Chris Bedel : Jan 20, 2016

The Federal Financial Institutions Examination Council's new Cybersecurity Assessment Tool needs to be redesigned - and the sooner, the better. The...

Category One
Read More
Want stronger passwords? Understand these 4 common password security myths.

Want stronger passwords? Understand these 4 common password security myths.

contributor : Oct 7, 2017

Fahmida Y. Rashid at CSO online recently wrote an article on passwords that's worth a look at. She takes the approach of disrupting our current...

Category One
Read More