Читать книгу The Official (ISC)2 SSCP CBK Reference - Mike Wills - Страница 132

In 2017, the U.S. National Institute of Standards and Technology (NIST) has updated its password and passphrase policy recommendations. (See https://pages.nist.gov/800-63-3/sp800-63-3.html.) Based on many years of industry experience and with input from security researchers and academics alike, NIST's new recommendations overturn many of password policies that have been in widespread use for decades. For example, NIST no longer recommends requiring a periodic reset of user passwords, as this tends to promote poorer password hygiene among users. NIST also recommends against classical ideas of password complexity for the same reason. Many of these recommendations are reflected in this chapter; study them and see how they can be put to use to improve your organization's security posture.