fbpx

Savings - Black Friday

30% discount for Personal

50% discount for Business

mobile header

Wishing to ditch your password manager?

LogMeOnce will credit you for any remaining time on your current bill. See the comparison table...

Nist 800 Information Security Policies

NIST 800-63 Digital Identity Guidelines

nist-logo11

LogmeOnce adheres to government security standards. If you are a large business enterprise or a government agency, NIST 800-63 and NIST 800-53 documents are an excellent reference material to build your organization’s security policy.

63

SP 800-63-3

Digital Identity Guidelines
63a

SP 800-63A

Enrollment & Identity Proofing
63b

SP 800-63B

Authentication & Lifecycle Management
63c

SP 800-63C

Federation & Assertions

 

NIST 800 Information Security Policies

As stated by NIST 800 Series: Passwords are used in many ways to protect data, systems, and networks. For example, passwords are used to authenticate users of operating systems and applications such as email, labor recording, and remote access. Passwords are also used to protect files and other stored information, such as password-protecting a single compressed file, a cryptographic key, or an encrypted hard drive. In addition, passwords are often used in less visible ways; for example, a biometric device may generate a password based on a fingerprint scan, and that password is then used for authentication.  

The purpose of NIST guides are to assist organizations in understanding common threats against their character-based passwords and how to mitigate those threats within the enterprise. LogmeOnce adheres to NIST guidelines. The information security policies addressed includes defining password policy requirements and selecting centralized and local password management solutions. 

It is important to note, there are different forms of passwords. One is known as a personal identification number (PIN). A PIN is relatively short (usually 4 to 6 characters) and consists of only digits. Examples of PINs are “7352” and “832290”.

Another specialized form of password is known as a Passphrase. This is a relatively long password consisting of a series of words, such as a phrase or a full sentence. An example of a passphrase is “Iamdefinitelyyour#1fan”. The motivation for passphrases is that they can be longer than single-word passwords but easier to remember than a sequence of arbitrary letters, digits, and special characters, such as “72*^dSd!” or “C8ke2.e3:”. However, a simple passphrase such as “iloverocknroll” is predictable and therefore easier for an attacker to guess than “9j%a#F.0”, so a passphrase’s length alone does not make it stronger than other passwords. NIST 800 guidelines provides information security policies to assist in development of secure password and information systems.

Copyright © 2011-2024 LogMeOnce. All rights reserved.