In the past, organizations have required users to change their passwords frequently, every one to three months; This is a practice based on “outdated security beliefs.” However, NIST notes that when strong, randomly generated passwords are used, frequent changes can weaken the password as users prefer simpler passwords that they can remember. The new guidelines require a minimum password length of 15 characters and allow the use of Unicode characters.
Additionally, NIST instructs organizations not to implement complex password rules or force users to add security questions.
NIST is seeking public comments on the proposed recommendations through October 7.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
