Featured Research

from universities, journals, and other organizations

New Guidelines For Organization-wide Password Management

Date:
April 23, 2009
Source:
National Institute of Standards and Technology
Summary:
When an employee has so many complex passwords to remember that he keeps them on a sticky note attached to his computer screen, that could be a sign that your organization needs a wiser policy for passwords, one that balances risk and complexity. New guidelines for institution-wide password management issued by NIST could help.

When an employee has so many complex passwords to remember that he keeps them on a sticky note attached to his computer screen, that could be a sign that your organization needs a wiser policy for passwords, one that balances risk and complexity, explains computer scientist Karen Scarfone. Scarfone is co-author of new guidelines for agency-wide password management issued for public comment by the National Institute of Standards and Technology (NIST).

Related Articles


Designed for federal government agencies, the new Guide to Enterprise Password Management (NIST Special Publication 800-118) can be useful to industry as well to aid in understanding common threats against character-based passwords and how to mitigate those threats within the organization. The guide covers defining and implementing password policy, educating users and measuring the effectiveness of password policies.

Passwords are a key line of defense for an organization’s data security. Passwords are used to protect data, systems and networks. Effective management reduces the risk of compromising password-based authentication mechanisms. Topics addressed in the guide include defining password policy requirements and selecting centralized and local password management solutions.

One of the document’s key purposes is to assist organizations in understanding common threats against their character-based passwords and how to mitigate those threats. Agencies need to consider using several mitigation strategies, including secure storage and transmission of passwords, user awareness activities, and secure password recovery and reset mechanisms.

The guide also is designed to raise awareness of the changing threats against passwords. Most organizations’ password policies rely primarily on password strength—an organization might require, for example, that passwords be a certain length and include a variety of letters, digits and symbols. These policies were created to protect against brute-force password guessing and cracking.

“Strong passwords don’t help as much any more because the threats have changed. Phishing attacks and other forms of social engineering trick users into revealing their passwords. Spyware in web browsers and keystroke loggers provide attackers with all the keystrokes someone makes, including passwords,” Scarfone said. Using effective password management as described in the guide will reduce the likelihood and impact of password compromises, she explained. The guide recommends that users be educated about threats against passwords and how they should respond. The publication also suggests that for some applications with high security needs, password-based authentication should be replaced with, or supplemented by, stronger forms of authentication such as biometrics or personal identity verification (PIV) cards.


Story Source:

The above story is based on materials provided by National Institute of Standards and Technology. Note: Materials may be edited for content and length.


Cite This Page:

National Institute of Standards and Technology. "New Guidelines For Organization-wide Password Management." ScienceDaily. ScienceDaily, 23 April 2009. <www.sciencedaily.com/releases/2009/04/090423105900.htm>.
National Institute of Standards and Technology. (2009, April 23). New Guidelines For Organization-wide Password Management. ScienceDaily. Retrieved November 27, 2014 from www.sciencedaily.com/releases/2009/04/090423105900.htm
National Institute of Standards and Technology. "New Guidelines For Organization-wide Password Management." ScienceDaily. www.sciencedaily.com/releases/2009/04/090423105900.htm (accessed November 27, 2014).

Share This


More From ScienceDaily



More Computers & Math News

Thursday, November 27, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

EU Pushes Google For Worldwide Right To Be Forgotten

EU Pushes Google For Worldwide Right To Be Forgotten

Newsy (Nov. 27, 2014) Privacy regulators recommend Google expand its requested removals to apply to all its web domains. Video provided by Newsy
Powered by NewsLook.com
Predictions Of Tablets' Demise Sound Familiar

Predictions Of Tablets' Demise Sound Familiar

Newsy (Nov. 26, 2014) The tablet's days are numbered, at least according to a recent IDC report. The market-research firm paints a grim outlook for tablets. Video provided by Newsy
Powered by NewsLook.com
Today's Prostheses Are More Capable Than Ever

Today's Prostheses Are More Capable Than Ever

Newsy (Nov. 26, 2014) Advances in prosthetics are making replacement body parts stronger and more lifelike than they’ve ever been. Video provided by Newsy
Powered by NewsLook.com
FCC Forces T-Mobile To Alert Customers Of Data Throttling

FCC Forces T-Mobile To Alert Customers Of Data Throttling

Newsy (Nov. 25, 2014) T-Mobile and the FCC have reached an agreement requiring the company to alert customers when it throttles their data speeds. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins