koldfront

Password best practices in the 21st century #security

🕗︎ - 2016-12-14

NIST tells it like it is:

"Verifiers SHOULD NOT impose other composition rules (mixtures of different character types, for example) on memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically) unless there is evidence of compromise of the authenticator or a subscriber requests a change." - DRAFT NIST Special Publication 800-63B, Digital Authentication Guideline, Authentication and Lifecycle Management
