Common Sense Means Rethinking NIST Password Rules

“Davide” (a real person, but not his real name), a mid-level executive at a major international bank, would not be overly difficult to hack.

Like many employees of highly regulated financial-services firms, Davide is required to change his passwords at work regularly — any time between once a week and once a month.

Do you think that Davide spends several minutes thinking carefully about a difficult password with sufficient entropy every week as he goes about his business? Or do you think that he uses a random character generator?

Source: www.securitynow.com