The National Institute of Standards and Technology (NIST) has recently updated its guidelines on password rotation, advising against the once-standard practice of requiring users to change their passwords every 30, 60 or 90 days, unless there is evidence that the password has been compromised (for example, in a data breach). This marks a significant shift from traditional cybersecurity policies that relied on frequent, calendar-driven password changes to limit the window in which a stolen password stays useful. However, NIST's new stance may seem at odds with the real-world needs of organizations focused on reducing security risks.
Understanding password rotation
Password rotation refers to the practice of regularly changing passwords to minimize the risk of unauthorized access to sensitive information. There are two primary types of password rotation: manual and automatic.
Manual password rotation requires users to update their passwords at set intervals, while automatic password rotation relies on technology to generate passwords and replace them without user intervention.
While manual password rotation has been common practice, it often has the unintended effect of producing weaker passwords and frustrated users: when people are forced to change a password on a schedule, they tend to make small, predictable edits to the old one rather than choose a genuinely new secret. In contrast, automated password rotation enhances security by regularly generating strong and unique passwords without the user burden of having to create or remember them.
CEO & Co-Founder of Keeper Security.
NIST’s shift away from frequent manual rotation
NIST’s latest guidance discourages enforcing mandatory password changes every 30, 60 or 90 days unless there is evidence of a breach. This change stems from the realization that frequent mandatory password updates can lead to poor user behavior, such as…
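As an added illustration of the two rotation models described above, and of the user behaviour NIST's guidance reacts to, the Python below is example code written for this page, not Keeper Security's product code or a NIST reference implementation. It generates passwords for automatic rotation from the operating system's CSPRNG, flags the predictable "same stem, new suffix" edits that forced manual rotation tends to produce, and expresses the policy decision (calendar expiry versus rotate-on-compromise) as a single function. The 90-day interval, the 12-character minimum length and the sample passwords are assumptions chosen for the demonstration.

```python
import math
import re
import secrets
import string
from typing import Optional

# Character set for generated passwords: 52 letters + 10 digits + 32 punctuation = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Automatic rotation: draw every character from the OS CSPRNG (the secrets
    module, never random.random()), so the replacement password is strong and
    unique without the user having to invent or remember it."""
    if length < 12:  # assumed floor for this example
        raise ValueError("generated passwords should be at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).
    A 20-character password over 94 symbols is about 131 bits."""
    return length * math.log2(alphabet_size)


# Trailing digits, punctuation or underscores: the part users typically bump.
_TRAILING = re.compile(r"[\d\W_]+$")


def is_trivial_variant(old: str, new: str) -> bool:
    """Detect the predictable edit that forced manual rotation encourages:
    the same stem with only trailing digits/symbols changed or appended
    (Summer2023! -> Summer2024!, Password -> Password1), a case-only change,
    or verbatim reuse. Returns False for an empty stem."""
    old_stem = _TRAILING.sub("", old).lower()
    new_stem = _TRAILING.sub("", new).lower()
    return bool(old_stem) and old_stem == new_stem


def needs_rotation(days_since_change: int, compromised: bool,
                   max_age_days: Optional[int] = None) -> bool:
    """Rotation policy. max_age_days=90 models the legacy calendar rule;
    max_age_days=None models the NIST position: rotate only on evidence of
    compromise (a breach, the credential turning up in a leak, and so on)."""
    if compromised:
        return True
    return max_age_days is not None and days_since_change >= max_age_days


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    old_pw, user_choice = "Summer2023!", "Summer2024!"
    if is_trivial_variant(old_pw, user_choice):
        print("manual rotation produced a predictable variant; rejecting it")
    new_pw = generate_password(20)
    print(f"auto-rotated to {len(new_pw)} chars, ~{entropy_bits(len(new_pw)):.0f} bits")
    print("legacy 90-day rule, day 95, no compromise:",
          needs_rotation(95, compromised=False, max_age_days=90))
    print("NIST-style policy, day 400, no compromise:",
          needs_rotation(400, compromised=False))
    print("NIST-style policy, day 3, credential in a breach dump:",
          needs_rotation(3, compromised=True))
```

The `is_trivial_variant` check only catches the simplest stem-plus-suffix pattern; it is a screen for the behaviour the guidance describes, not a substitute for checking new passwords against lists of known-compromised values. The `compromised` flag is where an organization's breach evidence (a leak-monitoring hit, an incident finding) feeds the decision, which is the trigger NIST retains even while dropping the calendar.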
Read full post on Tech Radar