SysAdmin1138 is a user on octodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
SysAdmin1138 @sysadmin1138

US NIST SP-800-63B is FINAL. It includes this gem IN THE STANDARD:

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different
character types or prohibiting consecutively repeated characters) for memorized secrets.

Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).
However, verifiers SHALL force a change if there is evidence of compromise of the
authenticator

octodon.social/media/2eOn3CQnK

turi @turi

@sysadmin1138 Finally, not that that will have a huge impact on websites for a long time.

SysAdmin1138 @sysadmin1138

@turi But now we have a thick wodge of paper to use to lobby for internal change!

· Web · 0 · 1
turi @turi

@sysadmin1138 That will definitely help with websites big enough to have management :)

octodon.social powered by Mastodon