7 Unconventional Pieces of Password Wisdom

Challenging common beliefs about best practices in password hygiene.
Passwords Aren't *All* Bad
Complexity Rules Are Less Important Than You Think
Screening New Passwords is a Must
Ditch the Periodic Resets
Make it Easier to Choose REALLY Long Passphrases
Let Users Cut and Paste Passwords
Stop Using Security Questions for Resets

The death of the password has long been predicted by hopeful security experts who lament the longstanding issues with the world's oldest authenticator. The truth is that the password is not only alive and kicking, but it still remains the dominant login credential in enterprise settings. Some 70% of organizations rely on a password-centric approach to authentication.

Organizations should certainly keep expanding multi-factor authentication (MFA) and password-less authenticators across their systems, but in the meantime they should do what they can to harden the credential systems they already run. Keep in mind that new research and guidance over the last few years has shifted industry consensus on how best to do that.
The latest iteration of the NIST Digital Identity Guidelines (Special Publication 800-63B), for example, challenged conventional wisdom about password hygiene on several fronts. Read on to glean some of the latest in unconventional wisdom about passwords that cybersecurity leaders should know.
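To make the shift concrete, the following Python is an added example (not code from the article or from NIST) contrasting a classic composition-rule policy with an SP 800-63B style verifier check: a minimum of 8 characters, a generous maximum, no complexity rules, spaces and Unicode accepted, and screening against a blocklist of common or compromised passwords plus context-specific words. The blocklist, the 128-character cap and the 4-character threshold for context words are assumptions chosen for the demo; a real deployment would load a breach corpus and tune those values.

```python
"""Legacy composition-rule check vs. an SP 800-63B style password screen.

Added illustration; the blocklist below is a constructed stand-in for a
breach/common-password corpus, not a real dataset.
"""
import re
import unicodedata
from typing import Tuple

MIN_LENGTH = 8     # SP 800-63B: user-chosen memorized secrets must be at least 8 characters
MAX_LENGTH = 128   # SP 800-63B asks verifiers to allow at least 64; the cap here is an
                   # assumption, kept only to bound password-hashing cost

# Constructed sample blocklist. Real deployments load millions of entries (e.g. a breach
# corpus) into a set or Bloom filter and compare the case-folded candidate against it.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1", "p@ssw0rd", "iloveyou"}

CONTEXT_MIN_LEN = 4  # assumption: ignore very short usernames/service names to avoid over-rejecting


def legacy_complexity_check(password: str) -> bool:
    """The 'before' policy the article argues against: 8+ characters with at least one
    uppercase letter, lowercase letter, digit and symbol. Note that it happily accepts
    'P@ssw0rd' and rejects a long all-lowercase passphrase."""
    return (
        len(password) >= 8
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[a-z]", password) is not None
        and re.search(r"[0-9]", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
    )


def _looks_trivial(pw: str) -> bool:
    """Repetitive ('aaaaaaaa') or strictly sequential ('12345678', 'hgfedcba') strings,
    which SP 800-63B lists among the things a verifier should reject."""
    if len(set(pw)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def nist_check(password: str, username: str = "", service: str = "") -> Tuple[bool, str]:
    """SP 800-63B style screening. Returns (accepted, reason).

    Order matters: normalize first so visually identical Unicode forms are compared
    consistently, then apply length bounds, then the blocklist and context checks.
    There are deliberately no composition rules."""
    pw = unicodedata.normalize("NFKC", password)   # e.g. the ligature 'ﬁ' becomes 'fi'
    n = len(pw)
    if n < MIN_LENGTH:
        return False, f"too short ({n} < {MIN_LENGTH})"
    if n > MAX_LENGTH:
        return False, f"too long ({n} > {MAX_LENGTH})"

    folded = pw.casefold()
    if folded in BLOCKLIST:
        return False, "appears in blocklist of common/compromised passwords"
    for ctx in (username, service):
        if len(ctx) >= CONTEXT_MIN_LEN and ctx.casefold() in folded:
            return False, f"contains context-specific word {ctx!r}"
    if _looks_trivial(folded):
        return False, "repetitive or sequential characters"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed candidates showing where the two policies disagree.
    for candidate in ["P@ssw0rd", "correct horse battery staple", "12345678",
                      "alice2024rocks!", "ﬁsh and chips tonight"]:
        ok, why = nist_check(candidate, username="alice", service="acme")
        print(f"{candidate!r:34} legacy={legacy_complexity_check(candidate)!s:5} nist={ok!s:5} ({why})")
```

The two policies disagree exactly where the article says they should: the legacy check passes "P@ssw0rd" and fails the four-word passphrase, while the 800-63B style check does the reverse because the blocklist, not character classes, is what catches the weak choice.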

