PRO+ Premium Content/Information Security
Access your Pro+ Content below.
What new NIST password recommendations should enterprises adopt?
This article is part of the Information Security issue of February 2017, Vol. 19, No. 1
The National Institute for Standards and Technology, or NIST, is creating new guidelines for password policies, which will be adopted by the U.S. government. The Digital Authentication Guideline is up for public preview on GitHub and NIST's website. What are some of the significant changes in NIST's recommendations? Should enterprises consider adopting these password recommendations? Many enterprises and online services are looking to replace the much maligned password. Several financial service companies, for example, are rolling out biometric authentication options for their customers, and Google offers the option of two-factor authentication, where a verification code is sent to a user's mobile phone. However, there's still no universally accepted alternative to the password. So, despite its weaknesses, both in terms of security and practical use, many systems rely on it -- even if only as a fail-safe for when a user's fingerprint or voice can't be correctly identified. Since passwords are here to stay for a while longer, ...
Features in this issue
-
Looming cloud security threats: How attacks will follow your data
You can move your data to cloud-based systems and web services, but you can't hide it there. Hackers and predators have more ways to find it.
-
Role of CISO: FICO enlists CISO in security product management
As head of FICO's information security program, Vickie Miller's role is wide-ranging.
Columns in this issue
-
Recent ransomware attacks: Data shows 50% growth in 2016
With high sums paid, ransomware gets all the attention. But malware is not the only way that criminals gained control of enterprise systems, a new report shows.
-
Uncharted path to IT and compliance with Digital River's Dyann Bradbury
Bradbury chats with Marcus J. Ranum about her early interest in computers and her unexpected career path to head of global compliance for an e-commerce provider.