Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Survey of 2600 IT Pros: "Password Procedures Still Are A Cyber Security Fail"


After the NIST password bombshell, we surveyed 2,600 IT professionals to find out how they were managing passwords. The answers show that IT pros are generally receptive to the passphrase concept proposed by NIST.

NIST Special Publication 800-63B, "Digital Identity Guidelines," states: "Many attacks associated with the use of passwords are not affected by password complexity and length. Keystroke logging, phishing, and social engineering attacks are equally effective on lengthy, complex passwords as simple ones. This means that password complexity has failed in practice." Verizon's latest Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords, supporting the NIST conclusion.
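To make the NIST point concrete, here is an added example (not code from the blog or from NIST) that checks the same candidate passwords against two verifier policies side by side: a legacy composition rule set of the kind SP 800-63 Appendix A described (8+ characters with upper, lower, digit and symbol), and the SP 800-63B approach (a length floor of 8, a ceiling of at least 64 so passphrases fit, a screen against known-compromised values, and no character-class rules). The blocklist and the sample passwords are constructed stand-ins; a real deployment screens against a large breach corpus.

```python
import re

# Legacy composition rules of the kind SP 800-63 Appendix A described:
# 8+ characters drawn from several character classes.
COMPLEXITY_RULES = [
    ("min length 8", lambda p: len(p) >= 8),
    ("uppercase letter", lambda p: re.search(r"[A-Z]", p) is not None),
    ("lowercase letter", lambda p: re.search(r"[a-z]", p) is not None),
    ("digit", lambda p: re.search(r"[0-9]", p) is not None),
    ("symbol", lambda p: re.search(r"[^A-Za-z0-9]", p) is not None),
]

# Constructed stand-in for a compromised-password blocklist. A real deployment
# screens against a large breach corpus (typically by hash), not a hand-written set.
BREACHED_BLOCKLIST = {
    "password", "password1", "p@ssw0rd", "p@ssw0rd1!", "welcome1!",
    "summer2017!", "qwerty123", "letmein!1",
}


def failed_complexity_rules(pw: str) -> list[str]:
    """Names of the legacy composition rules that `pw` does NOT satisfy."""
    return [name for name, check in COMPLEXITY_RULES if not check(pw)]


def passes_complexity_policy(pw: str) -> bool:
    """True when every legacy composition rule is met."""
    return not failed_complexity_rules(pw)


def passes_nist_800_63b_policy(pw: str, blocklist=BREACHED_BLOCKLIST,
                               min_len: int = 8, max_len: int = 64) -> bool:
    """SP 800-63B memorized-secret verifier rules: a length floor, a generous
    length ceiling so passphrases fit, a screen against known-compromised
    values, and no composition (character-class) requirements."""
    if not (min_len <= len(pw) <= max_len):
        return False
    # Case-insensitive match so trivial capitalisation does not dodge the list.
    return pw.lower() not in blocklist


def evaluate(pw: str) -> dict:
    """Side-by-side verdict of both policies for one candidate password."""
    return {
        "password": pw,
        "complexity_policy": passes_complexity_policy(pw),
        "nist_800_63b_policy": passes_nist_800_63b_policy(pw),
        "missing_complexity": failed_complexity_rules(pw),
    }


# Constructed sample candidates.
SAMPLES = [
    "P@ssw0rd1!",                    # satisfies every class rule, sits on the blocklist
    "Summer2017!",                   # same pattern: predictable substitutions
    "correct horse battery staple",  # long passphrase, no upper/digit/symbol
    "short",                         # fails both policies
]

if __name__ == "__main__":
    for pw in SAMPLES:
        v = evaluate(pw)
        print(f"{pw!r:34} complexity={v['complexity_policy']!s:5} "
              f"nist_63b={v['nist_800_63b_policy']!s:5} "
              f"missing={', '.join(v['missing_complexity']) or '-'}")
```

Running it shows the mismatch the survey is about: the "complex" candidates pass every composition rule yet are rejected by the blocklist screen, while the four-word passphrase fails three composition rules and is the only sample the 800-63B policy accepts.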

This password bombshell will make you scratch your head...

OK, this is a head-scratcher, and it is why we were surprised. I found it in a Wall Street Journal article today (paywall).

Bill Burr, the author of "NIST Special Publication 800-63, Appendix A," which covers "traditional" password complexity requirements, has said that password complexity has failed in practice.

Whoa Nellie.
