New write-up: Responding to NIST’s 2025 password guidance (SP 800-63B-4)

Key takeaways:
• Length and screening beat complexity
• Stop forced resets unless compromised
• Allow paste, spaces, and Unicode
• Passwords are not phishing resistant. Use passkeys or FIDO2 for real protection.

Read: https://www.kylereddoch.me/blog/responding-to-nists-2025-password-standard-update-sp-800-63b-4/

#NIST #SP80063B #Identity #Passwords #Passkeys #MFA #Cybersecurity

Responding to NIST’s 2025 Password Standard Update (SP 800-63B-4)

What changed in NIST’s 2025 password guidance, why it matters, and how to update policies, controls, and user experience without breaking your estate.

Kyles Tech Korner
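The "length and screening beat complexity" and "allow spaces and Unicode" takeaways, sketched as an added example (not code from the linked write-up). The 15-character minimum, the 128-character cap, the NFKC normalization choice and the tiny blocklist are assumptions made for illustration.

```python
import unicodedata

MIN_LENGTH = 15    # assumption: minimum for a password used as the only factor
MAX_LENGTH = 128   # assumption: generous cap, only to bound hashing cost

# Constructed sample entries; real screening uses a large breached-password corpus.
BLOCKLIST = {"passwordpassword", "p@ssw0rd2025!", "qwertyuiop123456"}

def normalize(password: str) -> str:
    """NFKC-normalize so equivalent Unicode input compares and hashes the same."""
    return unicodedata.normalize("NFKC", password)

def legacy_complexity_ok(password: str) -> bool:
    """Old-style composition rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

def evaluate(password: str) -> list:
    """Length-and-screening check; returns rejection reasons, [] if accepted."""
    pw = normalize(password)
    reasons = []
    # len() counts Unicode code points of the normalized string (this example's
    # choice); spaces and non-ASCII characters count like any other.
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if len(pw) > MAX_LENGTH:
        reasons.append("too_long")
    if pw.casefold() in BLOCKLIST:
        reasons.append("blocklisted")
    return reasons  # deliberately no composition rules

# Constructed samples: a "complex" short password, a Unicode passphrase with
# spaces, and a blocklisted value typed in fullwidth characters.
SAMPLES = [
    "P@ssw0rd2025!",
    "mountain río azul temprano",
    "".join(chr(ord(c) + 0xFEE0) for c in "passwordpassword"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "| legacy:", legacy_complexity_ok(s),
              "| new:", evaluate(s) or "accepted")
```

The first sample passes the legacy composition rule yet fails both new checks, while the passphrase fails the legacy rule and is accepted.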