{"id":57234,"date":"2024-09-26T14:50:12","date_gmt":"2024-09-26T14:50:12","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36397\/NIST-Proposes-Barring-Some-Of-The-Most-Nonsensical-Password-Rules.html"},"modified":"2024-09-26T14:50:12","modified_gmt":"2024-09-26T14:50:12","slug":"nist-proposes-barring-some-of-the-most-nonsensical-password-rules","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/","title":{"rendered":"NIST Proposes Barring Some Of The Most Nonsensical Password Rules"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/password-800x600.jpeg\" alt=\"NIST proposes barring some of the most nonsensical password rules\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<p>The National Institute of Standards and Technology (NIST), the federal body that sets technology standards for governmental agencies, standards organizations, and private companies, has proposed barring some of the most vexing and nonsensical password requirements. 
Chief among them: mandatory resets, required or restricted use of certain characters, and the use of security questions.<\/p>\n<p>Choosing strong passwords and storing them safely is one of the most challenging parts of a good cybersecurity regimen. More challenging still is complying with password rules imposed by employers, federal agencies, and providers of online services. Frequently, the rules\u2014ostensibly to enhance security hygiene\u2014actually undermine it. And yet, the nameless rulemakers impose the requirements anyway.<\/p>\n<h2>Stop the madness, please!<\/h2>\n<p>Last week, NIST released its second public draft of <a href=\"https:\/\/pages.nist.gov\/800-63-4\/sp800-63b.html\">SP 800-63-4<\/a>, the latest version of its Digital Identity Guidelines. At roughly 35,000 words and filled with jargon and bureaucratic terms, the document is nearly impossible to read all the way through and just as hard to understand fully. It sets both the technical requirements and recommended best practices for determining the validity of methods used to authenticate digital identities online. Organizations that interact with the federal government online are required to be in compliance.<\/p>\n<p>A section devoted to passwords injects a large helping of badly needed common sense practices that challenge common policies. An example: The new rules bar the requirement that end users periodically change their passwords. This requirement came into being decades ago when password security was poorly understood, and it was common for people to choose common names, dictionary words, and other secrets that were easily guessed.<\/p>\n<p>Since then, most services require the use of stronger passwords made up of randomly generated characters or phrases. 
When passwords are chosen properly, the requirement to periodically change them, typically every one to three months, can actually diminish security because the added burden incentivizes weaker passwords that are easier for people to set and remember.<\/p>\n<p>Another requirement that often does more harm than good is the required use of certain characters, such as at least one number, one special character, and one upper- and lowercase letter. When passwords are sufficiently long and random, there\u2019s no benefit from requiring or restricting the use of certain characters. And again, rules governing composition can actually lead to people choosing weaker passcodes.<\/p>\n<p>The latest NIST guidelines now state that:<\/p>\n<ul>\n<li>Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and<\/li>\n<li>Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.<\/li>\n<\/ul>\n<p>(\u201cVerifiers\u201d is bureaucrat speak for the entity that verifies an account holder\u2019s identity by corroborating the holder\u2019s authentication credentials. Short for credential service provider, \u201cCSPs\u201d are a trusted entity that assigns or registers authenticators to the account holder.)<\/p>\n<p>In previous versions of the guidelines, some of the rules used the words \u201cshould not,\u201d which means the practice is not recommended as a best practice. 
\u201cShall not,\u201d by contrast, means the practice must be barred for an organization to be in compliance.<\/p>\n<p>The latest document contains several other common sense practices, including:<\/p>\n<blockquote>\n<ol>\n<li>Verifiers and CSPs <strong>SHALL<\/strong> require passwords to be a minimum of eight characters in length and <strong>SHOULD<\/strong> require passwords to be a minimum of 15 characters in length.<\/li>\n<li>Verifiers and CSPs <strong>SHOULD<\/strong> permit a maximum password length of at least 64 characters.<\/li>\n<li>Verifiers and CSPs <strong>SHOULD<\/strong> accept all printing ASCII <a href=\"https:\/\/arstechnica.com\/800-63-4\/sp800-63b\/references\/#ref-RFC20\">[RFC20]<\/a> characters and the space character in passwords.<\/li>\n<li>Verifiers and CSPs <strong>SHOULD<\/strong> accept Unicode <a href=\"https:\/\/arstechnica.com\/800-63-4\/sp800-63b\/references\/#ref-ISOIEC10646\">[ISO\/ISC 10646]<\/a> characters in passwords. Each Unicode code point <strong>SHALL<\/strong> be counted as a single character when evaluating password length.<\/li>\n<li>Verifiers and CSPs <strong>SHALL NOT<\/strong> impose other composition rules (e.g., requiring mixtures of different character types) for passwords.<\/li>\n<li>Verifiers and CSPs <strong>SHALL NOT<\/strong> require users to change passwords periodically. 
However, verifiers <strong>SHALL<\/strong> force a change if there is evidence of compromise of the authenticator.<\/li>\n<li>Verifiers and CSPs <strong>SHALL NOT<\/strong> permit the subscriber to store a hint that is accessible to an unauthenticated claimant.<\/li>\n<li>Verifiers and CSPs <strong>SHALL NOT<\/strong> prompt subscribers to use knowledge-based authentication (KBA) (e.g., \u201cWhat was the name of your first pet?\u201d) or security questions when choosing passwords.<\/li>\n<li>Verifiers <strong>SHALL<\/strong> verify the entire submitted password (i.e., not truncate it).<\/li>\n<\/ol>\n<\/blockquote>\n<p>Critics have for years <a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/06\/microsoft-says-mandatory-password-changing-is-ancient-and-obsolete\/\">called out<\/a> the <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/08\/frequent-password-changes-are-the-enemy-of-security-ftc-technologist-says\/\">folly and harm<\/a> resulting from many commonly enforced password rules. And yet, banks, online services, and government agencies have largely clung to them anyway. 
The new guidelines, should they become final, aren&#8217;t universally binding, but they could provide persuasive talking points in favor of doing away with the nonsense.<\/p>\n<p>NIST invites people to submit comments on the guidelines to dig-comments@nist.gov by 11:59 pm Eastern Time on October 7.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36397\/NIST-Proposes-Barring-Some-Of-The-Most-Nonsensical-Password-Rules.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":57235,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[11062],"class_list":["post-57234","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinegovernmentpassword"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NIST Proposes Barring Some Of The Most Nonsensical Password Rules 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIST Proposes Barring Some Of The Most Nonsensical Password Rules 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-26T14:50:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/password-800x600.jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"NIST Proposes Barring Some Of The Most Nonsensical Password Rules\",\"datePublished\":\"2024-09-26T14:50:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/\"},\"wordCount\":808,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules.jpg\",\"keywords\":[\"headline,government,password\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/\",\"name\":\"NIST Proposes Barring Some Of The Most Nonsensical Password Rules 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules.jpg\",\"datePublished\":\"2024-09-26T14:50:12+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules.jpg\",\"width\":800,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.
org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,government,password\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinegovernmentpassword\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"NIST Proposes Barring Some Of The Most Nonsensical Password Rules\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"NIST Proposes Barring Some Of The Most Nonsensical Password Rules 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/","og_locale":"en_US","og_type":"article","og_title":"NIST Proposes Barring Some Of The Most Nonsensical Password Rules 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-09-26T14:50:12+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/password-800x600.jpeg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"NIST Proposes Barring Some Of The Most Nonsensical Password Rules","datePublished":"2024-09-26T14:50:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/"},"wordCount":808,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules.jpg","keywords":["headline,government,password"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/","url":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/","name":"NIST Proposes Barring Some Of The Most Nonsensical Password Rules 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules.jpg","datePublished":"2024-09-26T14:50:12+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/09\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules.jpg","width":800,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/nist-proposes-barring-some-of-the-most-nonsensical-password-rules\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,government,password","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinegovernmentpassword\/"},{"@type":"ListItem","position":3,"name":"NIST Proposes 
Barring Some Of The Most Nonsensical Password Rules"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threa
tshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57234"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57234\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/57235"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}