Nemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · 3 days agoNIST proposes barring some of the most nonsensical password rulesarstechnica.comexternal-linkmessage-square8fedilinkarrow-up190arrow-down10cross-posted to: [email protected][email protected]
arrow-up190arrow-down1external-linkNIST proposes barring some of the most nonsensical password rulesarstechnica.comNemeski@lemm.ee to Cybersecurity@sh.itjust.worksEnglish · 3 days agomessage-square8fedilinkcross-posted to: [email protected][email protected]
minus-squareUID_Zero@infosec.publinkfedilinkEnglisharrow-up8arrow-down1·3 days agoPlease don’t take those recommendations out of context. They also recommend MFA, but people only ever bring up the “no rotation” bit.
minus-squarelinearchaos@lemmy.worldlinkfedilinkEnglisharrow-up4·3 days agoEmphasis was from the article, not mine. They also recommend not using knowledge based prompts, allowing at least 64: characters,
minus-squareZorsith@lemmy.blahaj.zonelinkfedilinkEnglisharrow-up5·3 days agoAre they at least recommending non-SMS MFA now?
Please don’t take those recommendations out of context.
They also recommend MFA, but people only ever bring up the “no rotation” bit.
Emphasis was from the article, not mine.
They also recommend not using knowledge based prompts, allowing at least 64: characters,
Are they at least recommending non-SMS MFA now?