Nemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · 9 months agoNIST proposes barring some of the most nonsensical password rulesarstechnica.comexternal-linkmessage-square8fedilinkarrow-up11arrow-down10cross-posted to: cybersecurity@sh.itjust.workstechnology@lemmy.world
arrow-up11arrow-down1external-linkNIST proposes barring some of the most nonsensical password rulesarstechnica.comNemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · 9 months agomessage-square8fedilinkcross-posted to: cybersecurity@sh.itjust.workstechnology@lemmy.world
minus-squareUID_Zero@infosec.publinkfedilinkEnglisharrow-up0·9 months agoPlease don’t take those recommendations out of context. They also recommend MFA, but people only ever bring up the “no rotation” bit.
minus-squarelinearchaos@lemmy.worldlinkfedilinkEnglisharrow-up0·9 months agoEmphasis was from the article, not mine. They also recommend not using knowledge based prompts, allowing at least 64: characters,
minus-squareZorsith@lemmy.blahaj.zonelinkfedilinkEnglisharrow-up0·9 months agoAre they at least recommending non-SMS MFA now?
Please don’t take those recommendations out of context.
They also recommend MFA, but people only ever bring up the “no rotation” bit.
Emphasis was from the article, not mine.
They also recommend not using knowledge based prompts, allowing at least 64: characters,
Are they at least recommending non-SMS MFA now?