Lukasz OlejnikSep 24, 2024
GREAT change is approaching. NIST will standardise prohibition of requirement of composing passwords from various character styles, and requirement for periodic password changes. These are harmful and obsolete rules. Now they will be treated as a cybersecurity weakness https://pages.nist.gov/800-63-4/sp800-63b.html
NIST Special Publication 800-63B

NIST Special Publication 800-63B

Show threadSpaceLifeFormSep 25, 2024

@LukaszOlejnik

Periodic password changes are Security Theatre.

#Infosec

Show threadBrad Ackerman
@SpaceLifeForm @LukaszOlejnik Most security theatre is like TSA in that it only indirectly harms security by redirecting resources away from productive work. Periodic password requirements are the higher-grade theatre (like polygraphs) that actively sabotage security.
Sep 25, 2024 at 4:55pmWeb