Users always reuse credentials: How to protect them?

NIST recently recommended organizations check users’ credentials against a set of compromised passwords in order to prevent account takeover (ATO).

However, gathering a set of compromised passwords comes with challenges. First, purchasing stolen credentials may indirectly support the criminal ecosystem. Second, password lists that are publicly available tend to be incomplete and stale.

Is there a better way to follow NIST’s guidelines and protect users from account takeover (ATO)?

Hear a discussion on the following:
  • The Threat of Stolen Credentials
  • Reasoning Behind NIST’s Password Recommendations
  • Ways to Manage a Password “Breach Corpus”
  • How Blackfish Helps Organizations Follow NIST Guidelines

Justin Richer
Coauthor of NIST Digital Identity Guidelines
Justin Richer is a systems architect, software engineer, standards editor, and service designer with over fifteen years of industry experience. He wrote the pioneering Vectors of Trust and is a co-author of NIST Special Publication 800-63 version 3.

Gautam Agarwal
Sr. Director, Product Management
Gautam is responsible for leading new product strategies across Shape's product portfolio. Prior to Shape, Gautam had 12+ years of experience in various leadership roles across product and engineering, specializing in multi-device cross-platform application development tools, SaaS and Business Intelligence.