koldfront

Password best practices in the 21st century #security

๐Ÿ•—๏ธŽ - 2016-12-14

NIST tells it like it is:

"Verifiers SHOULD NOT impose other composition rules (mixtures of different character types, for example) on memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically) unless there is evidence of compromise of the authenticator or a subscriber requests a change." - DRAFT NIST Special Publication 800-63B, Digital Authentication Guideline, Authentication and Lifecycle Management

Add comment

To avoid spam many websites make you fill out a CAPTCHA, or log in via an account at a corporation such as Twitter, Facebook, Google or even Microsoft GitHub.

I have chosen to use a more old school method of spam prevention.

To post a comment here, you need to:

ยน Such as Thunderbird, Pan, slrn or Gnus (part of Emacs).