[Cryptography] NIST Updates Password Recommendations: WOW!

Kent Borg kentborg at borg.org
Wed Nov 23 11:40:31 EST 2016

I haven't read the actual NIST publication yet, but the TL;DR from 
has some nice stuff in it. Such as saying quit forcing users to change 
passwords for no reason, and don't use SMS as a two-factor device.

I hope people read it--I have it in my queue. Looks like a lot of 
longstanding dogma gets finally gets thrown under the bus.

The full NIST version: https://pages.nist.gov/800-63-3/

Their github (!) sources: https://github.com/usnistgov/800-63-3

-kb, the Kent who doesn't know whether they say to write down passwords 
with paper and pencil.

More information about the cryptography mailing list