Recommended time between password resets.
Although a password that is changed often is, in theory, stronger, the problem is the human factor. People tend to reuse passwords, simply add one letter or digit to the end of their existing password, write the password down in insecure places, and more. If a user's password has been compromised and the user then changes it by simply adding one more character, the new password is very easy for malicious actors or programs to guess.
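To make the "add one character" problem concrete, here is an added example (not GateKeeper code and not part of the original article) of a check a password-change form could run to reject a new password that is predictable from the old one. The function names, the sample passwords, and the threshold of 4 edits are assumptions chosen for illustration.

```python
import re
from typing import Optional

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def base_form(pw: str) -> str:
    """Lower-case, then strip leading/trailing digits and symbols."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())

def trivial_change(old: str, new: str, min_edits: int = 4) -> Optional[str]:
    """Return why `new` is predictable from `old`, or None if it is not.

    Needs both plaintexts, so it can only run during the change request
    itself, when the user has just typed the current password.
    """
    if old == new:
        return "identical"
    if base_form(old) and base_form(old) == base_form(new):
        return "same base word; only case or the digits/symbols around it changed"
    if old.lower() in new.lower() or new.lower() in old.lower():
        return "one password contains the other"
    edits = edit_distance(old, new)
    if edits < min_edits:
        return f"only {edits} character edit(s) apart"
    return None

if __name__ == "__main__":
    # Constructed sample pairs (old, new); none are real credentials.
    samples = [
        ("Autumn2023!", "Autumn2023!1"),
        ("Autumn2023!", "Autumn2024!"),
        ("Tr0ub4dor", "Tr0ub4dar"),
        ("Autumn2023!", "copper-lantern-orbit-47"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {trivial_change(old, new) or 'accepted'}")
```

Only the last constructed pair is accepted; the first three are the kind of change a forced periodic reset tends to produce.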
According to NIST Special Publication 800-63B, "Digital Identity Guidelines" 10.2.1 Usability Considerations by Authenticator Type, it is recommended that admins enforce stronger, difficult-to-guess passphrases rather than changing passwords at predetermined intervals.
"Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise."
Using GateKeeper Proximity, admins can easily enforce very long passwords without employees having to memorize or type any of them. Users can log in hands-free, without typing passwords. Instead of relying on occasional password resets, we recommend setting up longer passwords using our password manager.
For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.