The New NIST Digital Identity Guidelines:
Impact on Passwords, Security Questions & Account Lockouts
Webinar OR Recorded Webinar + Free Digital Download
Wednesday, February 27, 2019
12:00 pm – 1:30 pm Pacific
1:00 pm – 2:30 pm Mountain
2:00 pm – 3:30 pm Central
3:00 pm – 4:30 pm Eastern
In the summer of 2016, the National Institute of Standards and Technology (NIST) published new draft guidelines that proposed sweeping changes to traditional security models and best practices. Finalized in the summer of 2017, the new NIST guidelines upended several historical approaches to authentication. Security questions are no longer considered secure. Mandatory periodic password changes can weaken security. Special characters can make passwords harder for users to remember and easier for hackers to guess. Is the three-attempt lockout policy even necessary? Regulators defer to NIST standards. Therefore, financial institutions must prepare for shifts in authentication and security compliance by fundamentally recalibrating the balance between digital security and user experience.
HIGHLIGHTS
- New NIST Digital Identity Guidelines – what to know and why you should care
- Why “security” (challenge) questions aren’t secure
- Why mandatory periodic password changes make passwords less secure
- Why three-attempt account lockouts are unnecessary, frustrate users, and discourage account vigilance
- How to revise password parameters for stronger security and happier end-users
- How to implement two-factor authentication (2FA) for maximum security and usability
- Browser boot-camp: understanding strengths and vulnerabilities among popular web browsers
- Securing your digital channels by taking cues from BigTech
- TAKE-AWAY TOOLKIT
- NIST Special Publication 800-63B Digital Identity Guidelines
- Directory of articles and resources on NIST implications and best practices
- Employee training log
- Quiz to measure staff learning and a separate answer key
DON’T MISS THIS RELATED WEBINAR!
Synthetic ID Fraud: What It Is, How It Works & Real-Life Scenarios
on Monday, March 11, 2019
Attendance verification for CE credits provided upon request.
WHO SHOULD ATTEND?
This informative session is designed for information security officers, risk officers, compliance officers, IT managers, operations managers, and anyone responsible for the evolution and security of digital banking channels.
Please note: The live webinar option allows you to have one internet connection (from a single computer terminal). You may have as many people as you like listen and watch from your office computer.
ABOUT THE PRESENTER – Chad Killingsworth, Jack Henry & Associates, Inc.®
Chad Killingsworth is Director of Software Engineering for the Banno Digital Platform at Jack Henry & Associates, Inc. He and his team build modern digital banking experiences for U.S. financial institutions using Polymer, an open-source JavaScript library developed by Google and contributors on GitHub. Chad contributes to many open source projects including Google’s Closure Compiler, and ardently advocates for modern security practices to anyone within earshot.
THREE REGISTRATION OPTIONS
Note: All materials are subject to copyright. Transmission, retransmission, or republishing this webinar to other institutions or those not employed by your financial institution is prohibited. Print materials may be copied for eligible participants only.
1. LIVE WEBINAR
The live webinar option allows you to have one internet connection from a single computer terminal. You may have as many people as you like listen and watch from your office computer. Registrants receive a website address and passcode that allows entrance to the seminar. The session will be approximately 90 minutes, including question and answer sessions. Seminar materials, including instructions, passcode, and handouts will be emailed prior to the broadcast. You will need the most-current version of Adobe Reader available free at www.adobe.com.
2. RECORDED WEBINAR + FREE DIGITAL DOWNLOAD
Can’t attend the live webinar? This option provides a recording of the live event, including audio, visuals, and handouts. We even provide the presenter’s email address for follow-up questions. You will receive an email with the recorded webinar link, which can be viewed anytime 24/7, beginning 6 business days after the webinar. You will also receive instruction on how to download a free digital copy of the webinar to your PC, which you may keep and use indefinitely.
The recorded webinar may ONLY be ordered for 6 months following the live webinar. In addition, the download must be completed within 6 months of the live webinar date.
3. BOTH LIVE WEBINAR & RECORDED WEBINAR + FREE DIGITAL DOWNLOAD
Options 1 and 2 described above.
AFFORDABLE, PROFESSIONAL TRAINING, WHEN AND WHERE YOU CHOOSE |
