(www.bastionzero.com)

656 points EthanHeilman | 2 comments | 27 Jan 22 15:06 UTC | HN request time: 0.544s | source

Show context

cryptica ◴[28 Jan 22 01:00 UTC] No.30109416[source]▶

I thought we had reached peak bureaucracy but I was wrong.

On the plus side, it's good that they finally figured out that forcing frequent password changes and forcing the usage of special characters are anti-patterns. I've been repeating this for over a decade.

Deprecating passwords is the wrong conclusion. A better solution would be to educate people about good password creation and handling practices. A 1-page document and/or short video would do.

replies(1): >>30110140 #

1. AdamH12113 ◴[28 Jan 22 02:42 UTC] No.30110140[source]▶

>>30109416 #

Organizations have been educating people about good password creation and handling practices for over a quarter century. It hasn't worked and there is no sign that it will ever work.

(Perhaps I misunderstood and you were being sarcastic?)

replies(1): >>30112211 #

2. cryptica ◴[28 Jan 22 08:47 UTC] No.30112211[source]▶

>>30110140 (TP) #

They haven't even come up with such practices, let alone taught them to anyone.

The practices which they did come up with have been terrible, even harmful (e.g. changing passwords often and using special symbols).

Of course if you teach the wrong thing, you will get the wrong results.

↑

I read the federal government’s Zero-Trust Memo so you don’t have to