Passwords have taken a beating over the past several years, and there seems to be little question among leading practitioners that this antiquated method of authentication needs a hefty remodel. To give an idea of scale, we assessed the biggest 1,000 organizations in the world and found that, across over 30,000 different breaches, 97% of these organizations had corporate email credentials leaked online. This should serve as a cautionary tale for all organizations to carefully examine their own password management practices. Following Microsoft’s updated password recommendations, the US National Institute of Standards and Technology (NIST) has recently come out with its own updated password guidelines.
When two major security industry influencers come to such similar conclusions, it’s a strong signal that companies should take a hard look at their password policies – both for their internal systems and their externally-facing services that have an identity store.
Many of the NIST guidelines are recommendations only, but a number of them are requirements that all federal government agencies must follow. That is a broad reach of influence, and it extends even wider, because many corporate security professionals use them as baseline standards and best practices when forming policies for their companies in the private sector. Here is a quick overview of the main changes NIST has proposed:
Many enterprises and online services are looking to replace the much-scorned password. Several financial service companies, for example, are rolling out biometric authentication options for their customers, as well as a myriad of two-factor authentication options. However, there’s still no universally accepted alternative to the password. So, despite its weaknesses, both in terms of security and practical use, many systems rely on it, and since passwords are here to stay for a while longer, it’s refreshing to see research by NIST looking at how to make password authentication more robust and more user-friendly.
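As an added example (not code from the article, from Digital Shadows, or from NIST), here is a Python sketch of the verifier-side checks that the memorized-secret rules in NIST SP 800-63B section 5.1.1.2 call for: a minimum of 8 characters for user-chosen passwords with at least 64 accepted, Unicode normalization before length checks, screening against a list of compromised, common and context-specific values, no composition rules, no forced expiry, and a cap on consecutive failed attempts. The blocklist, usernames, service name and the 128-character upper cap are constructed for illustration; a real deployment would load a full breach corpus of the kind the article describes.

```python
# Added example, not the article's or NIST's own code: verifier-side checks
# for user-chosen passwords modelled on NIST SP 800-63B section 5.1.1.2
# (memorized secrets) and section 5.2.2 (rate limiting).
import unicodedata
from collections import defaultdict

MIN_LEN = 8     # 800-63B: at least 8 characters for subscriber-chosen secrets
MAX_LEN = 128   # 800-63B only requires that at least 64 be accepted; 128 is an assumed cap

# Constructed sample blocklist (lower-cased). A real deployment would load a
# breach corpus plus dictionary words; this set exists only to make the example run.
SAMPLE_BLOCKLIST = {
    "password", "password1", "123456789", "qwertyuiop", "letmein1",
    "iloveyou", "welcome1", "summer2017",
}


def normalize(secret: str) -> str:
    """NFKC-normalize before length checks and storage, as 800-63B requires,
    so a ligature such as U+FB01 and the two letters 'fi' are the same secret.
    Python's len() counts code points, which matches 800-63B's character counting."""
    return unicodedata.normalize("NFKC", secret)


def is_repetitive_or_sequential(s: str) -> bool:
    """Flag low-entropy patterns such as 'aaaaaaaa', '12345678' or 'hgfedcba'."""
    if len(set(s)) == 1:
        return True
    deltas = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return deltas in ({1}, {-1})


def check_password(secret: str, username: str, service_name: str,
                   blocklist=SAMPLE_BLOCKLIST) -> list:
    """Return the reasons a candidate is rejected; an empty list means accepted.

    Deliberately absent: composition rules ('must contain a digit and a symbol')
    and periodic expiry. 800-63B advises verifiers not to impose either."""
    s = normalize(secret)
    reasons = []
    if len(s) < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN} characters")
    if len(s) > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")
    lowered = s.lower()
    if lowered in blocklist:
        reasons.append("found in compromised/common-password list")
    if is_repetitive_or_sequential(s):
        reasons.append("repetitive or sequential characters")
    for ctx in (username, service_name):
        if ctx and ctx.lower() in lowered:
            reasons.append(f"contains context-specific value '{ctx}'")
    return reasons


class FailedAttemptLimiter:
    """800-63B 5.2.2: limit consecutive failed attempts on one account to 100.
    A success resets the counter; a lockout is a separate recovery flow."""
    MAX_CONSECUTIVE_FAILURES = 100

    def __init__(self):
        self._failures = defaultdict(int)

    def allow(self, account: str) -> bool:
        return self._failures[account] < self.MAX_CONSECUTIVE_FAILURES

    def record(self, account: str, success: bool) -> None:
        if success:
            self._failures[account] = 0
        else:
            self._failures[account] += 1


if __name__ == "__main__":
    # Constructed inputs: a passphrase with spaces and no digits is accepted,
    # a policy-compliant-looking 'Password1' is rejected by the blocklist.
    for candidate in ("correct horse battery staple", "Password1", "alice2017!"):
        print(repr(candidate), check_password(candidate, "alice", "Acme") or "accepted")
```

Note that a long passphrase with spaces and no digits passes while "Password1", which satisfies most legacy composition policies, fails the blocklist check; that inversion is the practical point of the NIST change. Stored secrets should additionally be salted and hashed with a deliberately slow function, which this policy-only sketch does not cover.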
Although the NIST Digital Authentication Guideline governs federal sites, its tenets are good standards for any site or system with authentication requirements. Overall, the new guidelines put the user experience at the forefront while also strengthening system hardening and authentication methods. Credentials are incredibly valuable to attackers, who use them for a range of activities, including post-breach extortion, phishing and account takeovers. As organizations begin to better understand the implications of breaches, NIST is a great resource for guidance on passwords.