As data breaches become the cyber criminals' route to easy money, password hygiene is still in the dark ages and yet cyber security professionals seem to be debating whether or not passwords will still be around in the mid to long term. Is this the right place to be spending time, or should the industry be accepting that passwords are here to stay, and that the hygiene factor needs to be drastically improved. NIST are weighing into the discussion by providing detailed and sensible guidelines. Now all we need is for them to be acted upon.
The Special Publication (SP) 800-63 suite provides technical requirements for federal agencies implementing digital identity services. The publication includes: an overview of identity frameworks; using authenticators, credentials, and assertions in a digital system; and a risk-based process to select assurance levels. Organizations have the flexibility to choose the appropriate assurance level for their needs. SP 800-63 comprises a suite of documents that can be used independently or in concert to meet identity needs.