Announcements
This ISC2 Community will be decommissioned as of May 29, 2026. Please join your peers and connect with your chapter at https://isc2chapters.isc2.org.
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CraginS
Defender I
‎12-01-2019 09:03 AM
‎12-01-2019 09:03 AM

Dustin Got It Right

Dustin's 12/1/2019 Sunday Comic got two things right in a commentary on passwords:

https://www.comicskingdom.com/shared_comics/2e258750-c12c-4c5c-8928-e4bea6bee071

 

1. Treating all passwords as if they are protecting the same level of highly sensitive information or extreme risk is silly.

2. Continuing the broadly enforced  out of date password complexity and refresh rules is not only cumbersome, but stupid.

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Reply
0 Kudos
1 Reply
ericgeater
Community Champion
‎12-01-2019 07:11 PM
‎12-01-2019 07:11 PM

Without quoting Randall Munroe's sublime password demystifying cartoon myself (I'll let this Gizmodo article do that for me!), I remember reading how a retired NIST bureaucrat admitted that he wrote bad password creation guidance -- but only after he left his role.

Maybe at some point, someone will revise 800-63 Appendix A by appending it to say "or just use a thirty character passphrase, and at least *consider* adding MFA."

-----------
A claim is as good as its veracity.
linkedin[.]com/in/geater
Reply
0 Kudos