Defender I

Dustin Got It Right

Dustin's 12/1/2019 Sunday Comic got two things right in a commentary on passwords:

https://www.comicskingdom.com/shared_comics/2e258750-c12c-4c5c-8928-e4bea6bee071

 

1. Treating all passwords as if they are protecting the same level of highly sensitive information or extreme risk is silly.

2. Continuing the broadly enforced, out-of-date password complexity and refresh rules is not only cumbersome, but stupid.

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
Not Passing a Cert Exam is Not the Same as Failing: https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html
1 Reply
Community Champion

Re: Dustin Got It Right

Without quoting Randall Munroe's sublime password-demystifying cartoon myself (I'll let this Gizmodo article do that for me!), I remember reading how a retired NIST bureaucrat admitted that he wrote bad password creation guidance -- but only after he left his role.

Maybe at some point, someone will revise 800-63 Appendix A by appending it to say "or just use a thirty character passphrase, and at least *consider* adding MFA."

---
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."