20171016-5 选题

sources/tech/20171010 Changes in Password Best Practices.md

@@ -0,0 +1,33 @@
+### Changes in Password Best Practices
+
+NIST recently published its four-volume  [_SP800-63b Digital Identity Guidelines_][3] . Among other things, it makes three important suggestions when it comes to passwords:
+
+1.  Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they [don't help][1] that much. It's better to allow people to use pass phrases.
+
+2.  Stop it with password expiration. That was an [old idea for an old way][2] we used computers. Today, don't make people change their passwords unless there's indication of compromise.
+
+3.  Let people use password managers. This is how we deal with all the passwords we need.
+
+These password rules were failed attempts to [fix the user][4]. Better we fix the security systems.
+
+--------------------------------------------------------------------------------
+
+作者简介：
+
+I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I write books, articles, and academic papers. Currently, I'm the Chief Technology Officer of IBM Resilient, a fellow at Harvard's Berkman Center, and a board member of EFF.
+
+-----------------
+
+via: https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html
+
+作者：[Bruce Schneier][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://www.schneier.com/blog/about/
+[1]:https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118
+[2]:https://securingthehuman.sans.org/blog/2017/03/23/time-for-password-expiration-to-die
+[3]:http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
+[4]:http://ieeexplore.ieee.org/document/7676198/?reload=true