The National Institute of Standards and Technology could release new guidance this summer that recommends the use of long passwords or passphrases to eliminate the need for periodic password changes, Nextgov reported Friday.
The guide also calls on government agencies and contractors to allow passwords of at least 64 characters in length; encourage employees to create passphrases based on memorized secrets using any characters; and refrain from imposing composition rules.
NIST recommends that agencies check whether new passwords contain repetitive or sequential characters as well as context-specific words, such as the name of the service, the report noted.
The agency also suggests checking new passwords against lists of passwords obtained from previous breaches.
NIST is currently reviewing public feedback on the guidelines via GitHub.
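
The checks listed above can be sketched as one verifier-side function. This is an added example, not code from NIST or from the report; the minimum length, the four-character run threshold, the service name `examplemail` and the breach list are constructed assumptions.

```python
import unicodedata

MIN_LENGTH = 8    # assumption: the article states no minimum length
MAX_LENGTH = 64   # the article's floor for the allowed maximum; may be raised
RUN = 4           # assumption: run length that counts as repetitive/sequential

# Constructed stand-in (lowercase) for a corpus of passwords from previous breaches.
BREACHED = {"password", "123456789", "qwertyuiop", "correct horse battery staple"}


def _windows(text, size):
    return (text[i:i + size] for i in range(len(text) - size + 1))


def has_repetitive_run(pw):
    """True if any RUN consecutive characters are identical (e.g. 'aaaa')."""
    return any(len(set(w)) == 1 for w in _windows(pw, RUN))


def has_sequential_run(pw):
    """True if RUN consecutive code points step by +1 or -1 ('1234', 'dcba')."""
    for w in _windows(pw, RUN):
        steps = {ord(b) - ord(a) for a, b in zip(w, w[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(candidate, context_words, breached=BREACHED):
    """Return a list of rejection reasons; an empty list means accepted."""
    pw = unicodedata.normalize("NFKC", candidate)  # stable form for non-ASCII input
    folded = pw.casefold()
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if len(pw) > MAX_LENGTH:
        reasons.append("too_long")
    if has_repetitive_run(folded):
        reasons.append("repetitive")
    if has_sequential_run(folded):
        reasons.append("sequential")
    if any(w.casefold() in folded for w in context_words if w):
        reasons.append("context_word")
    if folded in breached:
        reasons.append("breached")
    # Deliberately no composition rules: no required digits, symbols or mixed case.
    return reasons


if __name__ == "__main__":
    for sample in ("purple monkey dishwasher tango", "my examplemail login 1234"):
        print(sample, "->", check_password(sample, ["examplemail", "alice"]) or "accepted")
```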