What new NIST password recommendations should enterprises adopt?
This article is part of the Information Security issue of February 2017, Vol. 19, No. 1
The National Institute for Standards and Technology, or NIST, is creating new guidelines for password policies, which will be adopted by the U.S. government. The Digital Authentication Guideline is up for public preview on GitHub and NIST's website. What are some of the significant changes in NIST's recommendations? Should enterprises consider adopting these password recommendations?
Many enterprises and online services are looking to replace the much-maligned password. Several financial service companies, for example, are rolling out biometric authentication options for their customers, and Google offers the option of two-factor authentication, where a verification code is sent to a user's mobile phone.
However, there's still no universally accepted alternative to the password. So, despite its weaknesses, both in terms of security and practical use, many systems rely on it -- even if only as a fail-safe for when a user's fingerprint or voice can't be correctly identified. Since passwords are here to stay for a while longer, ...
Features in this issue
You can move your data to cloud-based systems and web services, but you can't hide it there. Hackers and predators have more ways to find it.
As head of FICO's information security program, Vickie Miller's role is wide-ranging.
NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note.
Columns in this issue
With high sums paid, ransomware gets all the attention. But malware is not the only way that criminals gained control of enterprise systems, a new report shows.
Bradbury chats with Marcus J. Ranum about her early interest in computers and her unexpected career path to head of global compliance for an e-commerce provider.