top of page



Taproot Security Comments on Government Authentication Rules

Asks NIST to consider private sector impact of proposed changes


Saint Paul, MN, June 6, 2016 –

Taproot Security submitted two formal comments to the U.S. National Institute of Standards and Technology (NIST) regarding proposed changes to Special Publication 800-63, an influential technical standard for online user authentication.


One comment addresses NIST approval of short simple passwords (six numbers or letters). The second comment asks NIST to postpone a planned phase-out of 2-step verification schemes that involve text message codes, which could affect hundreds of major web sites.


Further details, including links to the NIST proposal and Taproot Security comments, can be found at .


​About Taproot Security


Taproot Security is an information security consulting firm advising industry and government on cyber issues and policy. For more information, please visit




To learn more about this announcement, please contact

Michael McCormick

Founder & President

Taproot Security, LLC


- END -

bottom of page