Old rules which required complex and frequent changing of passwords are being discarded in favor of never-expiring, long passphrases and/or multi-factor authentication (MFA).
References:
References:
- Intelligence Community Standard Number 500-16, Password Management, 16 March 2011.
- Army Regulation (AR) 25-2, Information Management Information Assurance, Section IV Procedural Security, 4-12. Password Control, 23 March 2009.
- Army Best Business Practice (BBP) Army Password Standards, 04-IA-O-0001, Version 2.5, 1 May 2008.
- NIST SP 800-63B
- Thycotic Academy Privileged Password Security Training Certification
- Tech Pro Research Password Management Policy
- '12345' Is Really Bad: Your Ultimate Guide to Password Security
- What Your Password Policy Should Be (scmagazine.com)
No comments:
Post a Comment