this post was submitted on 26 Sep 2024
548 points (99.3% liked)

Technology

59143 readers
5340 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Here is the text of the NIST sp800-63b Digital Identity Guidelines.

you are viewing a single comment's thread
view the rest of the comments
[–] Madblood 41 points 1 month ago (2 children)

Don’t bug users to change passwords periodically. Only do it if there’s evidence of compromise.

About damn time. I log into my company laptop with a smart card and PIN or a PIN/authenticator code, computer autoconnects to the VPN, and I'm good to go. If there's no internet available, the smart card will still get me into my computer. If I'm on my personal computer, I log in with the PIN/authenticator. This morning I tried really hard to find someplace where I had the option of entering a password and there is none, yet I have to change my password every 6 months. At least my IT department lets me use KeePass.

[–] [email protected] 5 points 1 month ago* (last edited 1 month ago)

I'll log into my home desktop and I'll get a message telling me that "it's time to reset your password!"

First of all, how dare you, on my computer? In my home?

Secondly, I don't even have a password on this thing

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

Eh, I think they should nag users to change their password proportional to how "strong" their password is. If you're barely meeting the minimum: reset every few months. If you're using a proper passphrase dozens of characters long: only reset if there's evidence of compromise.