Specops Software has some useful advice to share, and some of it may be surprising.
Password security is changing — and updated guidelines from the National Institute of Standards and Technology (NIST) reject outdated practices in favor of more effective protections.
Don’t have time to read the 35,000-word guidelines? No problem. Here are the six takeaways from NIST’s new guidance that your organization needs to know to create password policies that work.
1. Password length > password complexity
2. Facilitate longer passwords
3. Implement MFA
4. Avoid frequent password changes
5. Prevent the use of already-breached passwords
6. Discontinue password hints and other knowledge-based recovery
Read more about the six recommendations at BleepingComputer.