Toot

Written by Geekmaster 👽:system76: on 2024-12-18 at 17:21

NIST 800-63B - If you are a #sysadmin you should be familiar with the 2022/2023 updates in regards to authentication security. Here's a summary. Link to the full publication EOF.

If you are in a specialized industry, or have other regulatory hurdles, then proceed as recommended by your security teams after consulting legal (or just read the damn laws yourself lol). LISTEN TO YOUR #SECURITYGEEKS!!

Checklist for aligning with #NIST’s new password guidance.

Updating a password strategy may not be an overnight process for most organizations. However, there are several steps you can keep in mind while working towards meeting NIST guidelines:

:finger_point: Update internal password policies: Organizations will want to make sure their password policies include NIST’s latest recommendations, such as prioritizing length over complexity requirements and adjusting password expiration timings.

:finger_point: Use password filtering lists: Organizations will want to start looking at tools that allow using password filtering lists to prevent the use of well-known compromised passwords and commonly used passwords.

:finger_point: Move towards passphrases: End users likely need to be educated on the use of passphrases and taught the benefits of longer passwords. Use good examples to show how longer passphrases can be more memorable than short complex passwords.

:finger_point: Multi-factor authentication: Make MFA mandatory for all important systems and sensitive data. MFA solutions will provide an additional layer of defense against a cyberattack.

:finger_point: Move away from password hints and knowledge-based questions: Use secure recovery methods and get rid of weak password reset processes that rely on information that could be easily guessed by hackers.

:finger_point: Employee cybersecurity training: Update end users on why NIST guidelines are worth following and how they will help keep everyone safer from cyber-attacks.

https://pages.nist.gov/800-63-4/sp800-63b.html#AAL_SEC4
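
An added example, not part of the toot: a password check in the shape the checklist describes, gating on length and a filtering list with no composition rules. The minimum length, the sample list entries and the function names are assumptions made for this sketch.

```python
import unicodedata

# Assumed policy value for this sketch; take the real minimum from your own policy.
MIN_LENGTH = 12

# Constructed sample entries. A real deployment loads a large list of
# compromised and commonly used passwords from a file or service.
SAMPLE_BLOCKLIST = [
    "password",
    "password12345",
    "qwertyuiop123",
    "correct horse battery staple",
]


def normalize(password: str) -> str:
    """Fold Unicode look-alikes and case so trivial variants match the list."""
    return unicodedata.normalize("NFKC", password).casefold()


def load_blocklist(entries) -> frozenset:
    """Normalize list entries the same way candidate passwords are normalized."""
    return frozenset(normalize(e) for e in entries if e.strip())


def check_password(password: str, blocklist: frozenset) -> list:
    """Return the reasons a password is rejected; an empty list means accepted.

    Deliberately absent: composition rules (digit/symbol/uppercase checks).
    Length and the blocklist are the only gates.
    """
    reasons = []
    # Length is counted in code points after NFKC, spaces included.
    if len(unicodedata.normalize("NFKC", password)) < MIN_LENGTH:
        reasons.append("too_short")
    if normalize(password) in blocklist:
        reasons.append("blocklisted")
    return reasons


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_BLOCKLIST)
    for candidate in ["Tr0ub4dor&3", "maple kettle orbit lantern",
                      "Correct Horse Battery Staple"]:
        print(repr(candidate), check_password(candidate, bl) or "accepted")
```

The short "complex" password fails on length alone, the plain four-word passphrase passes, and a long passphrase that appears on the list is still rejected.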
