Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

NIST Special Publication 800-63B

New NIST guidelines for password security and authentication methods. Gets rid of many old password anti-patterns in favor of encouraging user-friendlier, simpler, but longer passwords. Recommends passwords have a minimum length of 8 characters (6 for numeric PINs), and allow pass-phrases up to *at least* 64 characters long. I’d probably want to go with 128 chars or more (after all, it will end up being cryptographically hashed before storage, anyways, so the length of the user’s original password is mostly irrelevant), but this is definitely a welcome improvement over all the bad “8-12 characters, with a mix of lowercase, uppercase, numbers, and special characters, except not *these* characters, and by the way you’ll have to change it in 90 days” patterns.

They also include recommendations for OTP (One-Time Password) and multi-factor authentication systems. Dry reading, but I hope that many organizations will start to follow these recs and get rid of current bad password practices.
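As an added illustration (not code from the post or from NIST), here is what a password policy shaped by the guidance above looks like in Python: length floors of 8 characters (6 for numeric PINs), a generous ceiling set to the post's preferred 128 characters rather than the 64 minimum, no composition rules and no rotation, a check against a blocklist of common or compromised passwords (the list below is a constructed stand-in for a real breached-password corpus), and storage via a salted memory-hard hash so the stored record has the same size no matter how long the pass-phrase is. The constants and function names are my own choices, not identifiers from the publication.

```python
import hashlib
import os
import secrets
import unicodedata
from typing import Optional, List, Tuple

MIN_LENGTH = 8        # 800-63B floor for user-chosen memorized secrets
MIN_PIN_LENGTH = 6    # floor for numeric-only PINs
MAX_LENGTH = 128      # the post's preferred cap; 800-63B asks for at least 64

# Constructed sample blocklist standing in for a real breached/common password list.
COMMON_PASSWORDS = {"password", "12345678", "qwertyuiop", "letmein123"}


def normalize(secret: str) -> str:
    """NFKC-normalize so visually identical Unicode inputs compare and hash equal."""
    return unicodedata.normalize("NFKC", secret)


def check_password(secret: str, numeric_pin: bool = False) -> List[str]:
    """Return the list of policy violations; an empty list means the secret is acceptable.

    Only length and blocklist rules are applied: no character-class composition
    rules and no expiry, matching the guidance the post describes.
    """
    secret = normalize(secret)
    problems = []
    minimum = MIN_PIN_LENGTH if numeric_pin else MIN_LENGTH
    if len(secret) < minimum:
        problems.append(f"too short: need at least {minimum} characters")
    if len(secret) > MAX_LENGTH:
        problems.append(f"too long: limit is {MAX_LENGTH} characters")
    if numeric_pin and not secret.isdigit():
        problems.append("numeric PIN must contain only digits")
    if secret.lower() in COMMON_PASSWORDS:
        problems.append("appears on the blocklist of common/compromised passwords")
    return problems


def hash_password(secret: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hash with scrypt (memory-hard) and a random 16-byte per-user salt.

    Returns (salt, digest). The 32-byte digest is the same size whether the
    input was 8 characters or 128, which is why a long cap costs nothing in storage.
    """
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(
        normalize(secret).encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=32
    )
    return salt, digest


def verify_password(secret: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(secret, salt)
    return secrets.compare_digest(candidate, digest)


if __name__ == "__main__":
    for candidate in ["correct horse battery staple", "short", "Password"]:
        print(repr(candidate), "->", check_password(candidate) or "ok")
    s, d = hash_password("correct horse battery staple")
    print("verify:", verify_password("correct horse battery staple", s, d))
```

The blocklist lookup is the one rule that actually removes weak choices; the length floor alone still admits "password". In a real deployment the set would be replaced by a lookup against a large breached-password corpus, and the scrypt cost parameters would be tuned to the server's hardware.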
