One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1182982 |
| Date de publication | 2019-07-02 13:00:00 (vue: 2019-07-02 16:04:07) |
| Titre | Be the leader in the new password-volution: memorized secrets |
| Texte |
Remember when you were younger, and you wanted to do something that all your friends were doing, yet you knew your parents would never approve? Perhaps it was skating in that home-made “Half-Pipe”, or that time you wanted to try some equally dangerous stunt?
Of course, your parents disapproved, to which you probably responded with the time-honored refrain: “But everyone is doing it!” That was never a convincing argument. This probably added to the thrill, so you did it anyway (and you have the scars to prove it).
Do you ever wonder what would have happened if you were the first person to build that half-pipe? Would the parental support have been different? Would being the first be a special accomplishment? Would others follow?
As with many “firsts”, sometimes it is better to be second, third, or even fourth, as the development of a new idea may sometimes be too new, or too daring. Sometimes, it just needs the time to mature (remember MySpace, and its predecessor, Friendster?)
Here’s a “near-first” that you can try that poses no risks, and can increase your account security. Be the first to extend your password beyond the required minimum.
It has been over two full years since The National Institute of Standards and Technology (NIST) announced the replacement of the old password standards. If you don’t recall, some of the sweeping changes included:
Allow at least 64 characters in length to support the use of passphrases. Encourage users to make memorized secrets as lengthy as they want, using any characters they like (including spaces), thus aiding memorization.
Do not impose other composition rules (e.g. mixtures of different character types) on memorized secrets.
Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.
Yes, NIST doesn’t even call them passwords anymore – they are “memorized secrets”.
Two years later, and sadly, many folks I know are still conforming to the same old password rules. Why are we not bold enough to take the lead on this? Your organization may require a minimum of 8 characters, but they probably do not restrict you to 8 characters. Are you still using the minimum character length?
Now is the time to break free of the old password model and increase the length of your memorized secret. It’s a password-volution! The benefit that this serves is that when your organization finally adopts the NIST passphrase recommendation, you will be ahead of the curve. Raise your Latte in triumph, you non-conformist hipster!
In all seriousness though, this new approach of long passphrases is going to happen quicker than you may imagine. It is always better to become accustomed to a change before it is mandatory. Until the full NIST recommendation is adopted, we would still need to add uppercase and special characters to satisfy the old rule set, but that is always easy when a passphrase is being used. #EasyWhenUsingAPassphrase! See what I mean? That is a strong memorized secret!
Try it out, and be one of the first in your organization to adopt the new approach. Get into this habit before everyone is doing it.
Here’s wishing you the best for your password future.
 |
| Envoyé | Oui |
| Condensat | #easywhenusingapassphrase “but “half “memorized “near accomplishment account accustomed add added adopt adopted adopts ahead aiding all allow always announced any anymore anyway approach approve arbitrarily are argument authenticator become been before being benefit best better beyond bold break build but call can change changed changes character characters composition compromise conforming conformist convincing course curve dangerous daring development did different disapproved doesn’t doing don’t easy encourage enough equally even ever everyone evidence extend finally first first” folks follow fourth free friends friendster full future get going habit half happen happened has have here’s hipster home honored idea imagine impose included: including increase institute it’s its just knew know later latte lead leader least length lengthy like long made make mandatory many mature may mean memorization memorized minimum mixtures model myspace national need needs never new nist non not now old one organization other others out over parental parents passphrase passphrases password passwords perhaps periodically person pipe pipe” poses predecessor probably prove quicker raise recall recommendation refrain: remember replacement request require required responded restrict risks rule rules sadly same satisfy scars second secret secrets secrets” security see seriousness serves set since skating some something sometimes spaces special standards strong stunt support sweeping take technology than them third though thrill thus time too triumph try two types unless until uppercase use used user users using volution volution: want wanted what when which why will wishing wonder would years yet younger your |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.