
Changes in Password Best Practices

2 Comments and 22 Shares

NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords:

  1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to use pass phrases.

  2. Stop it with password expiration. That was an old idea for an old way we used computers. Today, don't make people change their passwords unless there's indication of compromise.

  3. Let people use password managers. This is how we deal with all the passwords we need.

These password rules were failed attempts to fix the user. Better we fix the security systems.

growler
10 days ago
bogorad
10 days ago
Moscow, Russia
2 public comments
CallMeWilliam
10 days ago
A meeting recently:
Developer Team: Our passwords require special characters, and max out at 30 characters.
Me: Why on EARTH did you do any of that? Why do you have a max?
Devs: Because ... it's hard to remember something long? How long do you want it to be?
Me: ... Get rid of the max. Get rid of the special characters.
CIO: Wait. Why do we have passwords at all? Can we link to google/linkedin/facebook and make it their problem? We are not in the security business.
Devs: Yes!
acdha
10 days ago
I’ve been happy watching such sensible guidelines make it through the review process
Washington, DC

Quote #447167

1 Share
Overheard in a gym, in a conversation between a trainer and a very overweight newcomer. The newcomer is standing on the scales. The trainer says:
- Look at that, exactly 100.00. Accurate to one hundredth... What do you do for a living, by the way? Is it an active job?
- I work at the Chamber of Weights and Measures as the centner. The job is static.
I have a feeling it's going to be fun with him around.))
growler
10 days ago

Self Driving

4 Comments and 21 Shares
"Crowdsourced steering" doesn't sound quite as appealing as "self driving."
growler
18 days ago
4 public comments
petrilli
17 days ago
So much this.
Arlington, VA
mkalus
17 days ago
"Crowd Sourced Steering" doesn't quite sound as appealing as "self driving".
iPhone: 49.287476,-123.142136
JayM
18 days ago
Ha
Atlanta, GA
tante
18 days ago
Outsourcing AI work to people
Oldenburg/Germany

Quote #447006

1 Share
A: a guide to git, illustrated with cats
B: It's missing a picture of the cat exploding after a typo during rebase
C: I'm afraid to even imagine what happens to the poor kitty when you use push --force ...
D: So octocat (the GitHub symbol) is a cat after an automerge.
growler
21 days ago

Quote #446895

1 Share
xxx: The first rapper in Rus' was Pushkin. His Onegin fits a rap beat pretty well, and Sansergeich's ancestor was, as legend has it, a Black man.
growler
23 days ago

Quote #446670

1 Share
If you haven't seen a twelve-year-old girl talking with Siri, you haven't seen anything. They really do manage to be friends. This is already a real relationship with artificial intelligence.
growler
42 days ago