Nemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · 1 month agoNIST proposes barring some of the most nonsensical password rulesarstechnica.comexternal-linkmessage-square8fedilinkarrow-up188arrow-down10cross-posted to: cybersecurity@sh.itjust.workstechnology@lemmy.world
arrow-up188arrow-down1external-linkNIST proposes barring some of the most nonsensical password rulesarstechnica.comNemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · 1 month agomessage-square8fedilinkcross-posted to: cybersecurity@sh.itjust.workstechnology@lemmy.world
minus-squareUID_Zero@infosec.publinkfedilinkEnglisharrow-up8arrow-down1·1 month agoPlease don’t take those recommendations out of context. They also recommend MFA, but people only ever bring up the “no rotation” bit.
minus-squarelinearchaos@lemmy.worldlinkfedilinkEnglisharrow-up4·1 month agoEmphasis was from the article, not mine. They also recommend not using knowledge based prompts, allowing at least 64: characters,
minus-squareZorsith@lemmy.blahaj.zonelinkfedilinkEnglisharrow-up4·1 month agoAre they at least recommending non-SMS MFA now?
Please don’t take those recommendations out of context.
They also recommend MFA, but people only ever bring up the “no rotation” bit.
Emphasis was from the article, not mine.
They also recommend not using knowledge based prompts, allowing at least 64: characters,
Are they at least recommending non-SMS MFA now?