When users change their passwords every 90 days, they often aren't dramatically changing the password, Grassi says.
"I'm pretty sure you're not changing your entire password; you're shifting one character," he says. "Everyone does that, and the bad guys know that."
Well, they do now!! Thanks a lot Mr. Grassi!
Guess I'll have to start changing two letters!!!
The new Guidelines are published here:
https://pages.nist.gov/800-63-3/sp800-63b.htm
CAUTION! Reading this manual will cause severe eyelid drooping and may cause neck injury from sleep-induced head falling!! Please have a responsible adult carefully watch you for signs of boredom!!
No responsible adult available? How about reading a report in much shorter, sixth-grade English:
All-Tech Considered story
I wondered why this 'news' seemed a bit late; I'd swear I'd read about it earlier this year. This article explains why it's getting some attention, again:
"Much of what I did I now regret," [former NIST manager Bill Burr] the now-retired 72-year-old told The Wall Street Journal.
For those who prefer graphical guides, I offer this:
Password Strength
With my limited vocabulary and decreasing memory cells, I'm sticking with my password manager! But it wouldn't hurt to start creating multi-word pass phrases instead of the random characters it usually offers.