Password management is changing up and down the chain
Wednesday - 4/29/2009, 1:33pm EDT
Senior Internet Editor
When choosing a password, we're all faced with the same problem: should I make it easy to remember or hard to crack? NIST would like some help with the same struggle for balance in setting password policy for agencies.
Karen Scarfone, a computer scientist for the National Institute of Standards and Technology, tells FederalNewsRadio "it's important to set a sound policy that... is providing the right level of security but it's not being overly inconvenient to users."
Scarfone co-authored NIST's "Guide to Enterprise Password Management," which has been issued for public comment.
"The focus of the publication isn't so much on what end users can do, it's on what the organization can do, and so we talk a lot in there about policy. It's really important for organizations to think hard about the password policy - the requirements that they're putting on their users."
For example, Scarfone says, you can't just tell people not to use sticky notes stuck to the computer screen to save their passwords.
"What we've been trying to do is to help people come to grips with remembering passwords. It used to be that you had maybe one or two passwords to remember, maybe for email and for getting on your computer in the morning, and increasingly we have dozens and dozens of different passwords that we have to remember."
According to NIST, the guide covers defining and implementing password policy, educating users about threats and how they should respond, and measuring the effectiveness of password policies.
NIST is requesting public comment on the draft through May 29, 2009. Comments should be sent by email to email@example.com.
On the Web:
NIST - Guide to Enterprise Password Management (pdf)
(Copyright 2009 by FederalNewsRadio.com. All Rights Reserved.)