cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Active Contributor

Requesting update of Master Password is a standards violation

Lastpass asking for update of the master password is a violation of current guidance from the National Institute of Standards and Technology (NIST),. The guidance is at

SP 800-63-3Digital Identity Guidelineshttps://doi.org/10.6028/NIST.SP.800-63-3

and for those who want just a bit of info see the FAQs at https://pages.nist.gov/800-63-FAQ/#q-b05. The guidelines explain why it is a bad idea to update secure passwords.

 

And yes, decades ago NIST was the source of the requirement to periodically change passwords. That guidance was determined to have been inadequately justified at best.

Tags (1)