By Brett McDowell
We don’t often see passwords making front-page news, but for one week last month, you couldn’t hide from the stories about the National Institute of Standards and Technology (NIST) changing its recommendations on so-called “strong passwords”—recommendations that promise to make password creation easier for everyone. It was a rare move by government that was universally celebrated by our nation’s technorati.
Paul Grassi, the primary author of the new "Digital Identity Guidelines" (SP 800-63-3), got passwords right, but the new password rules are the least significant development in the new guidelines. The technology community needs to understand what NIST is really saying in this historic rewrite of authentication guidance because it tells you everything you need to know about the real future of passwords and one-time passcodes (OTPs), as well as the modern authentication methods you should support going forward.