Federal Agencies Hope to Bid Farewell to Conventional Passwords

No matter how clever and well-constructed your current passwords may be, they may become obsolete under new guidance for federal system authentication. Indeed, in a recent GitHub public preview document, the National Institute of Standards and Technology (NIST) says it will offer dramatic changes to its guidelines for federal agencies’ digital authentication methods.

NIST is reworking its current approach to identity proofing to fit current Office of Management and Budget (OMB) guidance, helping agencies choose the most precise digital authentication technologies. The approach separates identity verification into discrete component elements. Under NIST’s process, individuals would establish their identity through what is called identity assurance, and validate their credentials to gain entry into a given system through authenticator assurance, possibly with a chip card or encrypted identity card (www.FCW.com).

Furthermore, to ensure absolute security, the document states that passwords could become entirely numeric, as security experts believe that combining digits, letters and symbols in conventional passwords has thus far proved insignificant in protecting user information despite the impact on usability and memorability. Instead, NIST advises that passwords be tested against a list of unacceptable passwords. Unacceptable passwords are identified as those used in previous breaches, dictionary words, specific words, and specific names that users are most likely to choose.
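The blocklist check described above, as an added example that is not from NIST or the original article: a candidate password is tested against breached passwords, dictionary words, and words or names specific to the user and service, with no composition rules applied. The sample lists, the function names, and the user and service values are constructed for illustration; length requirements are out of scope here.

```python
import unicodedata

# Constructed sample lists (already lowercase). A deployment would load a
# breach corpus and a full dictionary from files instead.
BREACHED = {"123456", "password1", "qwerty123", "letmein2016"}
DICTIONARY = {"sunshine", "dragon", "football", "monkey"}


def normalize(text):
    """Fold Unicode compatibility forms and case so variants compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def context_words(username, full_name, service):
    """Words and names specific to this user and this service."""
    words = {normalize(username), normalize(service)}
    words.update(normalize(full_name).split())
    # Very short fragments would reject too many unrelated passwords.
    return {w for w in words if len(w) >= 3}


def screen_password(candidate, username, full_name, service):
    """Return (accepted, reason) for a candidate password.

    No digit/letter/symbol mix is required, so an all-numeric password is
    accepted as long as it appears on none of the lists.
    """
    pw = normalize(candidate)
    if pw in BREACHED:
        return False, "found in previous breach"
    if pw in DICTIONARY:
        return False, "dictionary word"
    for word in context_words(username, full_name, service):
        if word in pw:
            return False, "contains user- or service-specific word"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed user and service values for the demonstration.
    user = ("jdoe", "Jane Doe", "BenefitsPortal")
    for candidate in ["Password1", "Sunshine", "JaneRocks!77", "8304719562"]:
        print(candidate, screen_password(candidate, *user))
```
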

To further guarantee security and protection, users will not be able to have a password “hint” that is ultimately accessible to unauthenticated personnel. In other words, the familiar “first elementary school” or “name of first pet” password prompt will cease to exist.

Although these changes to password security will take place among federal agencies, many Americans will not have this level of user authentication. Thus, the infographic below includes a variety of useful tips and instructions on how to create a breach-proof password:

According to NIST, these technologically advanced guidelines for password security and user authentication “should have a tested equal error rate of 1 in 1,000 or better, with a false-match rate of 1 in 1,000 or better” (www.FCW.com). When NIST implements these new guidelines, federal government user data will not only have a greater level of security; the guidelines will also offer unprecedented protection for confidential national data against malicious data breaches, hackers, and cyber-attacks.