
The New NIST Digital Identity Guidelines: Impact on Passwords, Security Questions & Account Lockouts

Feb 27, 2019

Program Overview:

Wednesday, February 27, 2019, 3:00 - 4:30 pm

In the summer of 2016, the National Institute of Standards and Technology (NIST) published new draft guidelines that proposed sweeping changes to traditional security models and best practices.  Finalized in the summer of 2017, the new NIST guidelines upended several historical approaches to authentication.  Security questions are no longer considered secure.  Mandatory periodic password changes can weaken security.  Special characters can make passwords harder for users to remember and easier for hackers to guess.  Is the three-attempt lockout policy even necessary? Regulators defer to NIST standards. Therefore, financial institutions must prepare for shifts in authentication and security compliance by fundamentally recalibrating the balance between digital security and user experience.



  • New NIST Digital Identity Guidelines – what to know and why you should care
  • Why “security” (challenge) questions aren’t secure
  • Why mandatory periodic password changes make passwords less secure
  • Why three-attempt account lockouts are unnecessary, frustrate users, and discourage account vigilance
  • How to revise password parameters for stronger security and happier end-users
  • How to implement two-factor authentication (2FA) for maximum security and usability
  • Browser boot-camp: understanding strengths and vulnerabilities among popular web browsers
  • Securing your digital channels by taking cues from BigTech


    • NIST Special Publication 800-63B Digital Identity Guidelines
    • Directory of articles and resources on NIST implications and best practices
    • Employee training log
    • Quiz to measure staff learning and a separate answer key


Michele Barlow is the Vice President at PAR/WACHA (The Premier Payments Resource), headquartered in Wisconsin.  Before joining the WACHA team in 2009, Michele spent several years as a corporate trainer in the financial industry.  She is responsible for development and execution of association training and certification programs, conference planning, and member service.  Michele is a member of NACHA’s Blue Ribbon Panel, the APRP Oversight Panel, and the Payments Institute Board of Regents. She is active on other national committees, and a frequent speaker at industry events.  She obtained her AAP certification in 2010, her NCP in 2011, and became an NCP Certified Trainer in 2012.  Michele holds a Bachelor’s from the University of Wisconsin.




This informative session is designed for information security officers, risk officers, compliance officers, IT managers, operations managers, and anyone responsible for the evolution and security of digital banking channels.













Live Webinar
    $255.00 Single Location
    $150.00 Each Additional Location

Recorded Webinar & Free Digital Download

Premiere Package (Live & Recorded Webinar with Free Digital Download)

Additional Information: 


Synthetic ID Fraud: What It Is, How It Works & Real-Life Scenarios
Monday, March 11, 2019

Association Contact: 

If you have any questions or need additional information, please contact Marcy Borden at 317-387-9380 or

Cancellation Policy: 

If you cancel three or more business days prior to the day of an educational program, no cancellation charge will be assessed. If your bank is unable to participate after registering, you can choose to purchase the on-demand presentation.

Webinar Options: 

1.  Live Webinar
The LIVE WEBINAR option allows you to have one telephone connection for the audio portion and one Internet connection (from a single computer terminal) to view online visuals as the presentation is delivered.  You may have as many people as you like listen from your office speaker phone. Registrants receive a toll-free number & pass code that will allow entrance to the seminar. Seminar materials, including instructions, pin number, and handouts will be emailed to you prior to the broadcast.  You will need the most current version of Adobe Reader available free at

2.  Recorded Webinar & Free Digital Download
Can’t attend the live webinar?  The recorded webinar & Free Digital web link is a recording of the live event, including audio, visuals, & handouts. We even provide the presenter’s email address so you may ask follow-up questions.  Approximately one week prior to the webinar, you will receive an email with the web link.  This web link can be viewed anytime 24/7, beginning 6 business days after the webinar and will expire 6 months after the live program date.  

LIMITED AVAILABILITY:  The Recorded Webinar & Free Digital Download web link may ONLY be ordered for 6 months following the webinar.

3.  Both Live Webinar & Recorded Webinar & Free Digital Download
Includes options 1 and 2 above
