Community Champion

Dustin Got It Right

Dustin's 12/1/2019 Sunday Comic got two things right in a commentary on passwords:

https://www.comicskingdom.com/shared_comics/2e258750-c12c-4c5c-8928-e4bea6bee071


1. Treating all passwords as if they are protecting the same level of highly sensitive information or extreme risk is silly.

2. Continuing the broadly enforced out-of-date password complexity and refresh rules is not only cumbersome, but stupid.


Craig


Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile
Contributor I

Re: Dustin Got It Right

Without quoting Randall Munroe's sublime password demystifying cartoon myself (I'll let this Gizmodo article do that for me!), I remember reading how a retired NIST bureaucrat admitted that he wrote bad password creation guidance -- but only after he left his role.

Maybe at some point, someone will revise 800-63 Appendix A by appending it to say "or just use a thirty character passphrase, and at least *consider* adding MFA."

---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."