Dark Mode

Simon Willison's Weblog

Subscribe

27th January 2022

Consistent with the practices outlined in SP 800-63B, agencies must remove password policies that require special characters and regular password rotation from all systems within one year of the issuance of this memorandum. These requirements have long been known to lead to weaker passwords in real-world use and should not be employed by the Federal Government.

-- Memo: Moving the U.S. Government Toward Zero Trust Cybersecurity Principles

Posted 27th January 2022 at 7:18 pm

Recent articles

This is a quotation collected by Simon Willison, posted on 27th January 2022.

government 11 passwords 31 security 575