The National Institute of Standards and Technology (NIST) has recently updated its guidelines on password rotation, advising against the once-standard practice of requiring users to change their passwords every 30, 60 or 90 days – unless an organization has experienced a data breach. This marks a significant shift from traditional cybersecurity policies that aimed to prevent breaches through frequent password changes. However, NIST’s new stance may seem at odds with the real-world needs of organizations focused on reducing security risks.

Understanding password rotation

Password rotation refers to the practice of regularly changing passwords to minimize the risk of unauthorized access to sensitive information. There are two primary types of password rotation: manual and automatic.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *