Security News > 2022 > January > US govt provides new guidelines for authentication systems

US govt provides new guidelines for authentication systems
2022-01-04 20:59

While this new report outlines authentication requirements for government agencies, they are also excellent guidelines for all fields and user levels.

On the strength of passwords, NIST underlines that the requirements of using special characters, for example !$#%&, are obsolete since users still tend to add something that will keep the password memorable.

NIST's guidelines require that biometric authentication only be used along with multi-factor authentication such as a security key or OTP authenticator.

"Biometrics SHALL be used only as part of multi-factor authentication with a physical authenticator," reads the new NIST guidelines.

From a user's perspective, install a password manager and let it generate as long passwords as allowed on each site.

As password-managers commonly utilize web browser extensions that autofill your password, you will not be required to remember and can benefit from strong and unique passwords at every site you visit.


News URL

https://www.bleepingcomputer.com/news/security/us-govt-provides-new-guidelines-for-authentication-systems/