The death of the password has long been predicted by hopeful security experts who lament the longstanding issues with the world's oldest authenticator. The truth is that the password is not only alive and kicking, but it still remains the dominant login credential in enterprise settings. Some 70% of organizations rely on a password-centric approach to authentication.
While organizations should definitely try to increase the penetration of multi-factor authentication (MFA) and password-less authenticators across their systems, in the meantime they should do what they can to improve the security of their existing credential systems. One thing to keep in mind is that a lot of new research and guidance in the last few years has changed industry consensus as to the best way of doing this.
The latest iteration of the NIST Digital Identity Guidelines (Special Publication 800-63B), for example, challenged conventional wisdom about password hygiene on several fronts. Read on to glean some of the latest in unconventional wisdom about passwords that cybersecurity leaders should know.