Amicitas@lemmy.world to Technology@lemmy.worldEnglish · 2 months agoNIST proposes barring some of the most nonsensical password rulesarstechnica.comexternal-linkmessage-square169fedilinkarrow-up1546arrow-down14file-textcross-posted to: cybersecurity@sh.itjust.workscybersecurity@sh.itjust.works
arrow-up1542arrow-down1external-linkNIST proposes barring some of the most nonsensical password rulesarstechnica.comAmicitas@lemmy.world to Technology@lemmy.worldEnglish · 2 months agomessage-square169fedilinkfile-textcross-posted to: cybersecurity@sh.itjust.workscybersecurity@sh.itjust.works
minus-squareperviouslyiner@lemmy.worldlinkfedilinkEnglisharrow-up9·2 months agore #7, I hope they are also saying no ‘secret questions’ to reset the password?
minus-squareLvxferre@mander.xyzlinkfedilinkEnglisharrow-up1·2 months agoI think so, based on the original: “Verifiers and CSPs [credential service providers] SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.” With “shall not” being used for hard prohibitions.
re #7, I hope they are also saying no ‘secret questions’ to reset the password?
I think so, based on the original: “Verifiers and CSPs [credential service providers] SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.” With “shall not” being used for hard prohibitions.