(www.bastionzero.com)

656 points EthanHeilman | 2 comments | 27 Jan 22 15:06 UTC | HN request time: 0s | source

Show context

paganel ◴[27 Jan 22 18:16 UTC] No.30104004[source]▶

> Do not give long-lived credentials to your users.

This screams "we'll use more post-it notes for our passwords compared to before", or maybe the real world to which this memo is addressed is different compared to the real (work-related) world I know.

replies(4): >>30104332 #>>30104631 #>>30104886 #>>30123541 #

1. the_jeremy ◴[27 Jan 22 18:39 UTC] No.30104332[source]▶

>>30104004 #

It specifically calls out not requiring regular password rotation. Short-lived credentials is for tokens with expiration, not the password you use to login to the service that gives you the token.

replies(1): >>30104562 #

2. paganel ◴[27 Jan 22 18:55 UTC] No.30104562[source]▶

>>30104332 (TP) #

Got it, thanks.

↑

I read the federal government’s Zero-Trust Memo so you don’t have to