Below you'll find a list of all posts that have been tagged as “NIST 800-63b”
Data Privacy Day is a chance for businesses to engage with their customers and clients in a way that builds trust, inspires customer loyalty, and enhances the business’s reputation. When an organization demonstrates that they care about protecting consumers’ privacy–they are in effect letting clients know that their information, data, and choices are safe with the business. In 2022, this …
West-Mark is an ISO 9001 certified manufacturer of trucks and trailers based in the western United States. Their high-quality manufacturing process helped them become an essential supplier for the US Department of Defense and the United States military. However, being in this part of the nation’s supply chain makes West-Mark a potential target for cybercriminals. To manage the risk, West-Mark …
Password authentication isn’t going anywhere anytime soon. It’s part of our culture, users and employees are accustomed to it, and many systems depend on the “what you know” layer. Newer technologies like biometrics might work in certain situations, but they won’t replace passwords altogether anytime soon. In our series on password security, we’ve talked about some worrying trends, the myths …
National Institute of Standards and Technology (NIST) has been substantially revising its password guidelines since 2017. Previous recommendations have been changed, including combining symbols, letters, and numeric to create complex passwords; changing passwords frequently; or requiring users to generate passwords of a specified length. The changes address findings from NIST related to the human factors that cause users to create …
NIST recommends rejecting passwords used for online guessing attacks and also eliminating periodic password expiration- unless the password is compromised. While these requirements make sense given current cyber threats, they don’t precisely fit historic password policies. NIST has recommended new password policy guidelines for Active Directory that can help. So how can you easily implement a modern password policy? And …
Enable automated password policy enforcement with daily password auditing and customizable remediation. With compromised password detection, custom password dictionary, fuzzy matching with common character substitutions, and continuous ongoing monitoring; enterprises can easily adopt NIST password requirements and eliminate vulnerable passwords in Active Directory. Organizations can adopt NIST password standards to screen for weak, commonly-used, expected, and compromised passwords. Then they …
Reasons Why NIST Password Requirements Should Drive Your Password Strategy in 2021 Despite the doubters claiming that passwords will go the way of overhead projectors, they are still prevalent. They are still the backup factor for most other authentication solutions and show no sign of extinction because every organization has a password-supported infrastructure in place. Fortunately, the National Institute of …
There are many excellent password policy enforcement tools built into Active Directory. But the out-of-the-box AD functionality does not meet all the password standards and new password policy recommendations from NIST and other regulatory organizations. What can organizations do regarding password policy enforcement to increase security and decrease user friction, cost-effectively? The perfect storm of weak passwords More than 21 …
The Industry’s 1st Active Directory Plugin That Helps Organizations Prevent Use of Compromised Passwords According to NIST 800-63b Guidelines. Passwords remain the primary method for protecting employee accounts yet passwords also continue to be a major threat vector to businesses and organizations year-after-year because of use of unsafe credentials. According to Verizon’s 2019 Data Breach Investigations Report, 29% of …
The NIST 800-63b password guidelines include password policy changes that can improve everyone’s experience with passwords, including eliminating the forced periodic password reset. The most publicized recommendation is throwing away password complexity rules and this recommendation is still hotly contested on many security forums. However, what really catches the attention of most Active Directory and system admins, is the instruction …
