Users are accumulating more and more passwords, and many of the recent breaches are the direct result of their compromise. As hackers find new ways to exploit password-protected systems, widely accepted password policies, such as character complexity and periodic password expirations, must be scrutinized.
With authorities such as NIST challenging the status quo, and an abundance of real-life data to shape future best practice, it may be time to evaluate existing password policies.
This whitepaper weighs conventional best practices against the new Digital Identity Guidelines from NIST. It examines the extent to which the NIST recommendations have impacted compliance requirements, such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the Sarbanes–Oxley Act (SOX), and ultimately formulates a strategy that aligns password security best practice with compliance needs.