Hey, as a random Internet stranger I’m just going to say that I’m proud of you. Everyone has their own path to becoming a better them and I’m glad you’re doing the things that work for you. Keep it up!
What you want is NIST 800-63b https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret
Specifically sections 5.1.1.1 and 5.1.1.2.
Excerpt from 5.1.1.2 pertaining to complexity and rotation requirements:
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
Appendix A of the document contains their reasoning for changing from the previous common wisdom.
The tl;dr of their changes boil down to length is more important than any other factor when it comes to password security.
Edit to add:
In my personal opinion, organizations should be trying to move away from passwords as much as possible. If your IT team seems to think this system is so important that they need to rotate passwords every month, they should probably be transitioning to hardware security tokens, passkeys, or worst case, password with non-sms MFA.
Now I know nothing about the actual circumstances and I know there are plenty of reasons why that may not be possible in this specific case, but I’d feel remiss if I didn’t mention it.
Any organization still doing this is a decade behind best practices. NIST published new recommendations years ago that specified getting rid of the practice of regular forced password resets specifically because they encourage bad practices that make passwords weaker.
Of course it doesn’t help that there are some industry compliance standards that have refused to update their requirements, but I don’t know of any that would require monthly password changes.
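The policy contrast in the comments above, as an added example that is not part of the thread: a verifier that applies the legacy "complexity plus monthly rotation" rules beside one modelled on the quoted NIST SP 800-63B section 5.1.1.2 (length and a breached-list check only, change forced only on evidence of compromise). The 8/64 length bounds, the breached list and the 30-day rotation window are assumptions for illustration, not values from the post.

```python
"""Added example, not from the thread: a memorized-secret verifier policy
modelled on NIST SP 800-63B 5.1.1.2 beside the legacy policy it replaces."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed stand-in for a breached-password corpus (real ones hold millions of entries).
BREACHED = {"password1", "Winter2024!", "letmein"}
MIN_LEN, MAX_LEN = 8, 64  # assumed bounds for a subscriber-chosen secret, not from the post


@dataclass
class Account:
    password_set_at: datetime
    compromised: bool = False  # evidence of compromise, e.g. hash seen in a credential dump


def legacy_rejects(pw: str) -> list[str]:
    """Composition rules the quoted section says verifiers SHOULD NOT impose."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("too short")
    for name, pattern in (("uppercase", r"[A-Z]"), ("digit", r"\d"), ("symbol", r"[^A-Za-z0-9]")):
        if not re.search(pattern, pw):
            problems.append(f"needs {name}")
    if re.search(r"(.)\1", pw):
        problems.append("repeated character")
    return problems


def nist_rejects(pw: str) -> list[str]:
    """800-63B style: length plus a breached-list check, no composition rules."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if len(pw) > MAX_LEN:
        problems.append("too long")
    if pw in BREACHED:
        problems.append("known compromised")
    return problems


def legacy_must_change(acct: Account, now: datetime, max_age_days: int = 30) -> bool:
    """Monthly rotation as in the IT policy the thread complains about, plus compromise."""
    return acct.compromised or now - acct.password_set_at >= timedelta(days=max_age_days)


def nist_must_change(acct: Account, now: datetime) -> bool:
    """Change only on evidence of compromise; age alone never triggers it."""
    return acct.compromised
```

Note that the long passphrase fails every legacy composition rule while passing the NIST policy, and the short "complex" password does the reverse once it shows up in a breach list.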
Already answered more or less but:
https://www.centralcoastbrewing.com/beer/p/p-nut-butter-breakdown-stout
First time I’ve seen something from my home area pop up on Lemmy. CCB is a solid brewery.
The first trillionaire ain’t gonna make themself.
Ah shit, serves me right for posting off the cuff…
Though that is also a thing.
They’re fully vertically integrated from the silicon through the compiler, OS, and all software running.
Found out a year or two ago that a kid I was kind of friends with was convicted of a murder about three years ago. He and two others killed a guy, chopped up his body, and dumped it in a lake.
Small consolation, the only reason they know about the murder is because the guy I knew had a guilty conscience and made a full confession to the police out of the blue one day. Yes, drugs were very much involved.
One of my favorite managers once told me while I was struggling with a severe case of imposter syndrome “if you’re faking it well enough that others can’t tell, you might not be faking it as much as you think.”
While I don’t disagree, this person was also quite clearly mentally ill.
Now who is it that keeps cutting support for… Oh right…
I was fired from a job over an error of about that much. After working there for 5 years.
Then they fought me on unemployment. The judge was not amused with them.
I used to do penetration testing and only got to dabble in physical penetration testing a couple of times. Hell of a lot of fun.
For anyone reading this chain and interested in hearing more, this is a pretty fun interview with someone known for doing physical penetration testing.
Fuckin do it, be free
For anyone unfamiliar with the source.
https://archive.org/stream/i-have-no-mouth-and-i-must-scream_202202/I Have No Mouth And I Must Scream_djvu.txt