Sweet vindication… Back in the late 90s and early aughts when I was teaching public accounting firms and internal audit teams how to audit Active Directory, I suggested that it would be better to train users to memorize good passwords and reward them by not forcing them to constantly change their password. That idea was usually received as anathema. Changing your password every X days was received knowledge of the holiest kind.
Well, check out what the Applied Cybersecurity Division of the NIST says in NIST SP 800-63B. Their guidance states that we “SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).” Those capitals are from the NIST.
But that’s only the beginning. As an industry we are starting to recognize that passwords aren’t going away anytime soon and that many of our long-held beliefs about how to mitigate the risk of memorized secrets actually increase risk – when you take into account the factor of human behavior.
In this real training for free webinar, we will dive into the latest guidance from the NIST. Get ready to re-think password security. We will discuss the new and surprising guidelines for:
- Password change policy
- Password complexity
- Password length
- Account lockout
I will go into the reasons and rationale behind the new best practices and show you how to implement them in Active Directory’s:
- Domain account policy
- Granular password setting objects
- Notification Packages
- Lockout settings
Our sponsor, ManageEngine, is the perfect fit for this webinar, and Vivin Sathyan will show you how their unique ADSelfService Plus password self-service offering helps you implement the enhanced password security best practices recommended by NIST, such as checking passwords against a list of well-known passwords.
Please join us for this real training for free session.