No matter how strong your password hashes/cryptography is, if the chosen password is inherently weak, then literally no controls can protect them from disclosure attacks. Previously NIST’s approach has been to shift the risk more onto the consumer. The new approach is to shift the burden on to the provider. To that end, one of the key highlights of the new standard is blacklist validation against a list of “known-bad” passwords. These are some of the highlights of the new standard:
- Minimum password length should be 8 characters, with a maximum of no less than 64 characters.
- Recommended to have a minimum of 12 character password for sensitive sites.
- All ASCII and UNICODE characters should be allowed even emojis.
- Blacklist validation against a list of “known-bad” passwords.
- Allow for an option to read the password during input.
- Use a slow hashing algorithm ex. PBKDF2 for password storage. Using Scrypt
(RFC7914) which implements PBKDF2-HMAC-SHA-256 is recommended.
- No password composition/complexity rules (Ex: Your password must contain one lowercase letter, one uppercase letter, one number, etc..)
- No password hints.
- No Knowledge-based authentication (Ex: Where did you attend high school? What’s your favorite pet?).
- require passwords to expire unless a breach occurs.
SECURE PASSWORD STORAGE:
Keyed HMAC hash(HMAC-SHA1 or HMAC-SHA2 or HMAC-SHA3 as specified in NIST SP 800-131A rev1, Sec 9.) with 32-bit random salt AND stretched using NIST approved key derivation function (PBKDF2 as specified in NIST SP 800-132) with a minimum of 10,000 iterations. SCRYPT which uses PBKDF2 (RFC7914) is also recommended. From the NIST800-63b:
Verifiers SHALL store memorized secrets in a form that is resistant to offline attacks. Secrets SHALL be hashed with a salt value using an approved hash function such as PBKDF2 as described in [SP 800-132]. The salt value SHALL be a 32-bit or longer random value generated by an approved random bit generator and stored along with the hash result. At least 10,000 iterations of the hash function SHOULD be performed. A keyed hash function (e.g., HMAC [FIPS198-1]), with the key stored separately from the hashed authenticators (e.g., in a hardware security module) SHOULD be used to further resist dictionary attacks against the stored hashed authenticators.
Out of Band Authenticator
- Don’t Use SMS
- Respnse (only) may be over a protected channel
- OOB device authenticates to verifier using approved crypto
- Thanks to Ram C. for providing this great information.