NIST Drops Password Complexity, Mandatory Reset Rules
September 26, 2024 at 08:32AM NIST’s latest password guidelines (SP 800-63-4) no longer recommend using a mix of character types or regular password changes. They suggest CSPs stop mandating specific password types and periodic changes, and reduce knowledge-based authentication usage. The new guidelines stress a minimum 15-character length, allowing up to 64 characters, and incorporating … Read more