Google has released an updated version of its Authenticator app, featuring a Material 3 design overhaul and a new privacy screen that requires a PIN or biometric approval before accessing 2FA authentication codes.
Okta has confirmed a security vulnerability where usernames of 52 characters or more allowed account access without a password.
The FIDO Alliance's new Passkey standard aims to make password-less authentication a reality, but the real challenge lies in getting users to adopt the technology.
The National Institute of Standards and Technology (NIST) proposes eliminating some common but ineffective password requirements like periodic changes and restrictions on character types to improve overall security hygiene.
"The latest NIST guidelines now state that:
Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and
Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."
"The latest NIST guidelines now state that:
Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and
Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."
