ICYMI: last week, after we have been hounding them for 15 years, NIST finally revised its identity guidelines, including password requirements (SP800-63-4), suggesting that credential service providers (CSPs) stop recommending passwords that use several character types and stop mandating periodic password changes unless the authenticator has been compromised. Other notable recommendations: passwords should be between 15 and 64 characters long, and CSPs should allow ASCII and Unicode characters in passwords. Accessible here: