Nemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · 2 年前NIST proposes barring some of the most nonsensical password rulesarstechnica.comexternal-linkmessage-square8linkfedilinkarrow-up189arrow-down10cross-posted to: cybersecurity@sh.itjust.workstechnology@lemmy.world
arrow-up189arrow-down1external-linkNIST proposes barring some of the most nonsensical password rulesarstechnica.comNemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · 2 年前message-square8linkfedilinkcross-posted to: cybersecurity@sh.itjust.workstechnology@lemmy.world
minus-squareUID_Zero@infosec.publinkfedilinkEnglisharrow-up8·2 年前Please don’t take those recommendations out of context. They also recommend MFA, but people only ever bring up the “no rotation” bit.
minus-squarelinearchaos@lemmy.worldlinkfedilinkEnglisharrow-up4·2 年前Emphasis was from the article, not mine. They also recommend not using knowledge based prompts, allowing at least 64: characters,
minus-squareZorsith@lemmy.blahaj.zonelinkfedilinkEnglisharrow-up4·2 年前Are they at least recommending non-SMS MFA now?
Please don’t take those recommendations out of context.
They also recommend MFA, but people only ever bring up the “no rotation” bit.
Emphasis was from the article, not mine.
They also recommend not using knowledge based prompts, allowing at least 64: characters,
Are they at least recommending non-SMS MFA now?