Abstract or Summary:
While we often discuss examples of poor password requirements, it’s also useful to consider a sample set of good requirements and practices. NIST Special Publication 800-63, which defines authentication requirements for Federal Government agencies, is currently being revised and seeks to establish requirements that are aligned with current understanding of threats and user behavior. This talk will discuss the rationale for these changes and opportunities for comment.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=nXg-kh7fKEE