Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New NIST Password Guidelines + Changing Password Length Policy #442

Open
mdueltgen opened this issue Oct 1, 2024 · 2 comments
Open

New NIST Password Guidelines + Changing Password Length Policy #442

mdueltgen opened this issue Oct 1, 2024 · 2 comments
Assignees
@mdueltgen
Labels
Baseline Revision Internal Discussion
Milestone
Driftwood

Comments

@mdueltgen
Copy link
Collaborator

https://cybersecuritynews.com/nist-rules-password-security/
https://pages.nist.gov/800-63-3/sp800-63b.html

New NIST Guidelines change password recommended length to 15 so GWS.COMMONCONTROLS.5.2v0.3 should be updated from the current length of 12
@mdueltgen mdueltgen added this to the Driftwood milestone Oct 1, 2024
@mdueltgen mdueltgen self-assigned this Oct 1, 2024
@adhilto
Copy link
Collaborator

adhilto commented Oct 1, 2024

NIST's guidance is: "Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length." We might want to also adopt as split SHALL/SHOULD approach here as well rather than just upping the SHALL minimum to 15.

@mdueltgen
Copy link
Collaborator Author

Agreed we should follow NIST guidance, we will need to split into two policies of
Shall be minimum 8
Should be minimum of 15

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mdueltgen mdueltgen

Labels
Baseline Revision Internal Discussion
Projects
None yet
Milestone
Driftwood
Development

No branches or pull requests
2 participants
@adhilto @mdueltgen