NIST’s Draft To Remove Periodic Password Change Requirements Gets Vendors’ Approval

An anonymous reader writes: A recently released draft of the National Institute of Standards and Technology’s digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and altering many of the standards and best practices security professionals use when forming policies for their companies. The new framework recommends, among other things: “Remove periodic password change requirements.” There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change it or if there is indication of breach. Read more of this story at Slashdot.

Read More:
NIST’s Draft To Remove Periodic Password Change Requirements Gets Vendors’ Approval

Upload Response

Your data will be stored in the mainframe. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.