The National Institute of Standards and Technology (NIST) has issued a new draft of its Digital Identity Guidelines. The Special Publication, 800-63-3, includes sections that cover Enrolment and Identity Proofing Requirements, Federations and Assertions guidelines, and Authentication and Lifecycle Management. While each of these documents is helpful in many regards, the one that will impact the security industry with the broadest reach is the Authentication and Lifecycle section.

This section has some very advanced, yet timely guidance about passwords, or as NIST likes to call them, “Memorized Secrets”. To quote the document directly (in which I have bolded three key items):

When users create and change memorized secrets:

- Clearly communicate information on how to create and change memorized secrets.
- Clearly communicate memorized secret requirements.
- Allow at least 64 characters in length to support the use of passphrases.
- Encourage users to make memorized secrets as lengthy as they want, using any characters they like (including spaces), thus aiding memorization.
- Do not impose other composition rules (e.g. mixtures of different character types) on memorized secrets.
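The quoted items translate into a very small validator. The sketch below is an added example, not code from NIST or from this post: it checks length only, accepts spaces and any characters, and returns messages that state the requirement, with a composition-rule policy beside it for contrast. The 8-character floor, the 128-character ceiling (the quote only requires that the ceiling be at least 64) and the legacy policy's limits are assumptions.

```python
import re

# Assumed values, not taken from the page: the quote only says the
# maximum must allow at least 64 characters.
MIN_LENGTH = 8
MAX_LENGTH = 128

# Shown to the user up front ("Clearly communicate memorized secret requirements").
REQUIREMENTS = (
    f"Use {MIN_LENGTH} to {MAX_LENGTH} characters. Any characters are allowed, "
    "including spaces. A long phrase you can remember works well."
)


def check_secret(secret: str) -> list[str]:
    """Length-only check: no composition rules, spaces and non-ASCII accepted."""
    problems = []
    length = len(secret)  # Unicode code points, so a space or 'ñ' counts as one
    if length < MIN_LENGTH:
        problems.append(f"Too short: {length} characters, need at least {MIN_LENGTH}.")
    if length > MAX_LENGTH:
        problems.append(f"Too long: {length} characters, limit is {MAX_LENGTH}.")
    return problems


def legacy_check(secret: str) -> list[str]:
    """Hypothetical composition-rule policy of the kind the quote says not to impose."""
    problems = []
    if len(secret) > 16:
        problems.append("Too long: limit is 16 characters.")
    if " " in secret:
        problems.append("Spaces are not allowed.")
    classes = (("uppercase letter", r"[A-Z]"), ("lowercase letter", r"[a-z]"),
               ("digit", r"\d"), ("symbol", r"[^A-Za-z0-9\s]"))
    for label, pattern in classes:
        if not re.search(pattern, secret):
            problems.append(f"Missing a {label}.")
    return problems


if __name__ == "__main__":
    print(REQUIREMENTS)
    # Constructed sample inputs: a passphrase and a short "complex" password.
    for sample in ("correct horse battery staple", "P@ssw0rd1", "ñ " * 32):
        print(repr(sample), "| guidance:", check_secret(sample) or "accepted",
              "| legacy:", legacy_check(sample) or "accepted")
```

The passphrase passes the length-only check and fails the legacy policy on five counts, while the nine-character `P@ssw0rd1` satisfies every legacy rule.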