by Chester Wisniewski

It’s no secret. We’re really bad at passwords. Nevertheless, they aren’t going away any time soon.

With so many websites and online applications requiring us to create accounts and think up passwords in a hurry, it’s no wonder so many of us struggle to follow the advice of so-called password security experts.

At the same time, the computing power available for password cracking just gets bigger and bigger.

OK, so I started with the bad news, but this cloud does have a silver lining.

It doesn’t need to be as hard as we make it and the government is here to help.

That’s right, the United States National Institute for Standards and Technology (NIST) is formulating new guidelines for password policies to be used in the whole of the US government (the public sector).

Why is this important? Because the policies are sensible and a great template for all of us to use within our own organizations and application development programs.

Anyone interested in the draft specification for Special Publication 800-63-3: Digital Authentication Guidelines can review it as it evolves over on Github or in a more accessible form on NIST’s website.

For a more human approach, security researcher Jim Fenton did a presentation earlier this month at the PasswordsCon event in Las Vegas that sums up the changes nicely.

To see what is new click here

Interesting reading about Yahoo recovering supposedly deleted files from their servers for a U.K. drug case. It makes you wonder what else is available that can be handed over to the government to prosecute you. I am not totally unhappy that these drug dealers information was made available for prosecution, however, this may be a real issue for the general private market out there. Just something to think about!

If this is peak your interest you can read more here.

CTIA members of the Smartphone Anti-Theft Voluntary Committee have met their voluntary commitment to make antitheft tools available for free on all new mobile phones manufactured after July 2016 for sale in the US. This covers most of the phones that are manufactured for sale in the US.

The first phase of this commitm you ent plan called for the antitheft tools to be installed on all handsets offered for sale after July 2015 in the US. The second phase called for new handset models sold after July 2016 in the US to give authorized users the ability to disable the antitheft tools anytime they want to, as long as the device is still connected and still in the authorized user's possession.

So if you don't like being tracked by your cell phone the ability to turn off this feature is a big boon.

For more information from naked security on the subject click here.

While this more of an old story than a new one since a patch for the issue has already been issued, the information that Naked Security discussed was interesting an if you are a Mac user and you are worried about security issues this would be something to consider. Read More Here.