At the end of August 2024, NIST issued some new guidance documentation (SP-800). Of specific interest is their recommendations around passwords (in SP-800-63B) – because it conflicts with what many organisations actually do, and addresses a few bugbears of mine. Even with widespread adoption of Multi-Factor Authentication (MFA), passwords are not dead & buried yet.

Read more