GREAT change is approaching. NIST will standardise the prohibition of the requirement to compose passwords from various character styles, and of the requirement for periodic password changes. These are harmful and obsolete rules. Now they will be treated as a cybersecurity weakness. https://pages.nist.gov/800-63-4/sp800-63b.html
NIST Special Publication 800-63B

@LukaszOlejnik Unfortunately it's all completely meaningless until the ISO 27001:2022 follows. It is chock full of hard requirements that are direct contradictions of the NIST.
@jakecarpenter @LukaszOlejnik Fortunately, my current customer set puts NIST first. I don't even know if they look at 27001.