Tuesday, April 28, 2009
Government nonsense
My Network World colleague Mitch Kebay points out that the National Institute of Standards and Technology's Computer Security Division has just published SP 800-118, “DRAFT Guide to Enterprise Password Management,” which now awaits comments. Mitch suggests it needs those comments "for improvement," but that ship has already sailed. The only improvement would have been to not waste the time to write and publish it.
Username/password for enterprise authentication is not only poorly implemented, not only passé, but also very dangerous. The ONLY guideline NIST should issue for enterprise passwords is STOP USING THEM.
Of course, with the heavy government involvement in business that the current economic crisis is enabling, a simple ban on username/password or a requirement for strong authentication would make much more sense.
© 2003-2006 The Virtual Quill, All Rights Reserved