Re: Next steps for accessible authentication

[Jason] Some organizations (such as financial institutions) may have good security reasons to disallow password managers.

Just to note that the new NIST advice [1] came out on the 22nd:
"Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret. This facilitates the use of password managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secrets." [2]

I assume it will take a while to filter through, but is NIST an organisation that places like banks would listen to in the US?

Cheers,

Alastair

1] https://www.nist.gov/itl/tig/special-publication-800-63-3
2] http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf

Received on Sunday, 25 June 2017 08:18:51 UTC