In 2017, the National Institute of Standards and Technology (NIST) released NIST Special Publication 800–63B Digital Identity Guidelines to help organizations properly comprehend and address risk as it relates to password management on the part of end users. Nearly every year since, NIST has undertaken to update or underscore these guidelines as security experts continue to glean more insights into the true effectiveness of passwords resulting from the analysis of breach corpuses and applying insights into how humans tend to approach the formation of secrets.

Resistance to Still Relevant Requirements

As human beings, habits, perceptions, and established ways of thinking tend to be very difficult…


High-profile data breaches in recent years have created a new and rapidly emerging high-risk reality that businesses must be made aware of, and which can no longer be ignored. This high-risk reality is the creation and accessibility of huge data lakes containing billions of leaked credentials for sale on the dark web* that provide an exact match to access into many organizations' sensitive data and corporate intellectual property.

Since the beginning of 2017, the industry has experienced a terrific spike in data breaches leveraging compromised credentials. …

Stan Bounev

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store