NIST 800-63B
Fortifying End-User Password Defences: Implementing NIST 800-63B Recommendations
The evolving landscape of cyber threats demands ever-stronger user authentication measures. Recognizing this, the National Institute of Standards and Technology (NIST) established NIST Special Publication 800-63B: a comprehensive set of best practices for digital identity and lifecycle management, including crucial insights for bolstering password security.
NIST-Recommended Actions
1. Thwarting Recycled Passwords: Breached password lists are treasure troves for attackers. Implementing real-time checks against these lists during password creation prevents users from unwittingly employing compromised credentials. This proactively mitigates the risk of unauthorized access through recycled passwords.
2. Dictating Password Diversity: Banishing simple dictionary words from the password lexicon is essential. Consider incorporating a dynamic, context-aware dictionary that evolves alongside real-world threats. This dynamic approach proactively blocks predictable passphrases, while staying agile against emerging attack vectors.
3. Curbing the Sequential: Preventing repetitive or incremental passwords like "password123" and "password124" eliminates predictable patterns vulnerable to brute-force attacks. Enforce a minimum password history to ensure users move beyond sequential iterations.
4. Context is Not King: Disallowing context-specific words related to usernames, employee IDs, or personal information significantly reduces the risk of guessable passwords. This mitigates the threat of social engineering attacks or compromised internal databases exposing context-sensitive details.
5. Length Matters More Than Complexity: The longstanding myth of complex password requirements has been debunked. NIST emphasizes prioritizing password length. Enforce a minimum of 12 characters, ideally longer, to significantly enhance password strength.
MyID PSM and NIST compliance
MyID PSM goes beyond mere compliance, enhancing user experience through features such as password self-service which vastly reduces help desk costs for an organisation in changing passwords. As an organisation, implementing MyID PSM empowers you to achieve the perfect balance between robust security and user convenience. By adopting these NIST-recommended practices and leveraging the comprehensive capabilities of MyID PSM, organisations can significantly strengthen their employees password defences, ultimately mitigating some of the risk of unauthorized access and data breaches.
Leveraging MyID PSM for Seamless Compliance:
MyID Password Security Manager (MyID PSM) empowers organizations to effortlessly implement and manage these NIST-recommended measures. MyID PSM's robust features directly address each guideline:
- Breached Password List Integration: Real-time verification against constantly updated breached password lists.
- Dynamic Dictionary Engine: Context-aware lexicon that proactively adapts to evolving attack patterns.
- Password History Enforcement: Customizable minimum password history settings to eliminate sequential iterations.
- Customizable Password Policy Engine: Granular control over permitted and prohibited characters, patterns, and dictionaries.
- Minimum Password Length Enforcement: Seamless implementation of longer password requirements.
Password Breach Database
Our Password Breach Database receives in excess of three million updates each day. It is the leading enterprise collection consisting of 8 billion compromised clear text credentials, making it 55% more substantial than widely shared free databases.
We gather data from an array of sources, such as mainstream news outlets, online forums, torrents, paste bins and other areas of the dark web. The preserved data is subsequently cleansed and assessed for its credibility before integration into the database.
Our password breach database has numerous benefits, including:
- Protecting Your Business Reputation
- Preventing Poor Password Practice
- Avoiding Excessive Data Fines
- Ensuring NIST SP 800-63B Compliance
Trusted by Governments and Enterprises Worldwide
Where protecting systems and information really matters, you will find Intercede. Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organizations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.
