In June 2017, NIST Special Publication 800-63-3B established new guidelines regarding how organizations should vet user passwords. Rather than password composition policies that require a certain number of character sets, NIST now recommends that organizations check passwords against a list of banned passwords and reject those that are found on the list. As of July 2018, the list of known compromised passwords numbers more than half a billion strings. This presentation will demonstrate how to solve this problem at all levels of the organization and also share a specific technical solution using a Bloom filter at Virginia Tech.
Outcomes:
* Understand the drastic password-vetting changes introduced by NIST 800-63-3B as of June 2017
* Learn how these changes will impact every level of your organization and how to adapt
* Learn how to solve the technical challenges brought about by the changes with a hybrid solution
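The following is an added example, not code from the presentation or from Virginia Tech: a minimal Bloom filter for vetting candidate passwords against a banned list, with the sizing arithmetic for a list of the scale the abstract mentions. The class and function names, the SHA-256 double-hashing scheme, the 0.1% false-positive target and the five-entry sample list are all assumptions made for illustration.

```python
import hashlib
import math


def optimal_params(n_items, fp_rate):
    """Return (bits, hash_count) for n_items at the target false-positive rate."""
    bits = math.ceil(-n_items * math.log(fp_rate) / (math.log(2) ** 2))
    hashes = max(1, round(bits / n_items * math.log(2)))
    return bits, hashes


class BannedPasswordFilter:
    def __init__(self, capacity, fp_rate=0.001):
        self.bits, self.hashes = optimal_params(capacity, fp_rate)
        self.array = bytearray((self.bits + 7) // 8)

    def _positions(self, password):
        # Double hashing: derive all k bit indexes from one SHA-256 digest.
        digest = hashlib.sha256(password.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd step, never zero
        return [(h1 + i * h2) % self.bits for i in range(self.hashes)]

    def add(self, password):
        for pos in self._positions(password):
            self.array[pos >> 3] |= 1 << (pos & 7)

    def is_banned(self, password):
        # False: definitely not on the list. True: on the list, or a false positive.
        return all(self.array[pos >> 3] & (1 << (pos & 7))
                   for pos in self._positions(password))


# Constructed sample entries standing in for a real compromised-password list.
SAMPLE_BANNED = ["123456", "password", "qwerty", "letmein", "Passw0rd!"]


def build_sample_filter(capacity=1000):
    banned = BannedPasswordFilter(capacity, fp_rate=0.001)
    for pw in SAMPLE_BANNED:
        banned.add(pw)
    return banned


def vet_password(candidate, banned_filter):
    """Reject any candidate the filter reports as present."""
    return "reject" if banned_filter.is_banned(candidate) else "accept"
```

At a 0.1% false-positive rate, `optimal_params(500_000_000, 0.001)` works out to roughly 7.2 billion bits (about 0.9 GB) and 10 hash positions per lookup. A listed password is never accepted; the only error mode is rejecting an unlisted one.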