The philosophy behind password selection and management is constantly evolving. Recently, the National Institute of Standards and Technology (NIST) made revisions to their guidelines regarding passwords for secure systems. As NIST standards form the baseline for many organizations' security policies, we have made changes to ASEBA-Web™ to better support NIST guidelines. With the release of v18.104.22.168, it is a good time for administrators of ASEBA-Web™ to navigate to "Manage Account Settings" and review their password parameters:
In particular, we recommend administrators review the following:
- NIST now recommends that passwords expire less frequently, only every 365 days. ASEBA-Web™'s previous allowed maximum was 157 days, but it is now 365 days per NIST recommendations.
- NIST recommends that passwords are longer in length. ASEBA-Web™ still allows passwords to have a minimum length of 8 characters, but we recommend you consider raising your minimum length to 12 characters.
- NIST now recommends lockouts occur for 30 minutes.