
Exploring the science and magic of Identity and Access Management
Thursday, April 25, 2024

NIST Authentication Guidelines – Draft Report

Author: Mark Dixon
Tuesday, February 5, 2013
5:53 pm

Ironically, a couple of weeks after the @OracleIDM #authchat Tweet Jam about trends in authentication was held, NIST released DRAFT Special Publication 800-63-2, Electronic Authentication Guideline, over 110 pages of scintillating reading on the subject:

This recommendation provides technical guidelines for Federal agencies implementing electronic authentication and is not intended to constrain the development or use of standards outside of this purpose. The recommendation covers remote authentication of users (such as employees, contractors, or private individuals) interacting with government IT systems over open networks. It defines technical requirements for each of four levels of assurance in the areas of identity proofing, registration, tokens, management processes, authentication protocols and related assertions. This publication will supersede NIST Special Publication 800-63-1.

No, I haven’t read the entire report, but I did skip forward to page 102 because the table of contents promised a discussion of “Password Entropy,” and I really like the word “entropy.”  But alas, the most profound thing I read was the obvious: “Empirical and anecdotal data suggest that many users choose very easily guessed passwords, where the system will allow them to do so.”



Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.