
Bruce Schneier recently observed that NIST's new password best practices docume


Question

Bruce Schneier recently observed that NIST's new password best practices document (SP800-63b) has changed password selection guidelines in key ways:

https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html

He highlights 3 changes:

1. Reduce or eliminate password complexity rules (e.g., requiring a certain number of upper, lower, number, special characters)
2. Eliminate password expiration requirements
3. Enable passwords to accept copy-pasted inputs.

In a brief essay of approximately 200-300 words total, for each change, describe (1) the rationale for the original rule, (2) the rationale for the changed rule, and (3) your judgment on whether the rule should be changed with supporting evidence.

Explanation / Answer

Bruce Schneier has highlighted 3 changes. We will now discuss those changes in depth.

1. Reduce or eliminate password complexity rules.
Password complexity means having a certain number of upper, lower, number, special characters.
Original Rule: The original rule was to set a complex password so that we can restrict anonymous persons from tracking our password. If we have a complex password, there will be fewer chances of breaking the password.
Changed Rule: The changed rule tells us to reduce or eliminate the password complexity rules, because it is a general human tendency to forget complex passwords: we have a lot of accounts, and it is difficult to remember all of those passwords.
Judgement: If we have a complex password, there will be fewer chances of hackers breaking the password. Finally, the more complex the password, the greater the security.

2. Eliminate password expiration requirements.
Original Rule: At present we have a password expiration rule to prevent the same password from being used for a long time on some of the major accounts.
Changed Rule: The changed rule tells us to eliminate the password expiration requirement, because it is very difficult to remember all those changed passwords, and it is very difficult to keep on changing the passwords.
Judgement: It is very useful to keep changing passwords after a specified time period. Otherwise, it is very easy for hackers to crack the password.

3. Enable passwords to accept copy-pasted inputs.
Original Rule: The original rule is to deny copy-paste activity in the password text box field.
Changed Rule: We have to enable the password text box field to accept copy-pasted inputs. By doing this we can reduce the effort of typing the whole password into the password text box field, and it is much easier to copy-paste the password than to type the whole password.
Judgement: To my knowledge, it is better to avoid copy-pasting passwords into the password text box. Otherwise, other people can easily crack the passwords through the copy-paste activity.
