Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

Changes in Password Best Practices

posted by mrpg on Tuesday October 10 2017, @09:30PM   Printer-friendly
from the gud1dea dept.

Phoenix666 writes:

Schneier on Security:

NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords:

-Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to use pass phrases.

-Stop it with password expiration. That was an old idea for an old way we used computers. Today, don't make people change their passwords unless there's indication of compromise.

-Let people use password managers. This is how we deal with all the passwords we need.

These password rules were failed attempts to fix the user. Better we fix the security systems.

Does this mean we can stop composing our passwords like Q*bert?

Original Submission

 
This discussion has been archived. No new comments can be posted.
Changes in Password Best Practices | Log In/Create an Account | Top | 72 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Troll) by bob_super on Tuesday October 10 2017, @10:11PM (7 children)

    by bob_super (1357) on Tuesday October 10 2017, @10:11PM (#580111)

    Oh Dear, Oh Dear, what will one do if they are locked out of facebook for a full hour?
    I'll call the UNHCR for you.

    Starting Score:    1  point
    Moderation   -1  
       Troll=1, Total=1
    Extra 'Troll' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   1  

  • (Score: 0) by Anonymous Coward on Tuesday October 10 2017, @10:23PM (3 children)

    by Anonymous Coward on Tuesday October 10 2017, @10:23PM (#580117)

    Oh Dear, Oh Dear, what will one do if they are locked out of facebook for a full hour?

    There's this thing called life that relied on genuine human interaction, unfortunately facebook have yet to offer this service to their users (AKA: product).

    • (Score: 2) by takyon on Tuesday October 10 2017, @10:49PM

      by takyon (881) <takyonNO@SPAMsoylentnews.org> on Tuesday October 10 2017, @10:49PM (#580132) Journal

      There's this thing called life that relied on genuine human interaction, unfortunately facebook have yet to offer this service to their users (AKA: product).

      It's coming [soylentnews.org]

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]

    • (Score: 0) by Anonymous Coward on Tuesday October 10 2017, @11:57PM (1 child)

      by Anonymous Coward on Tuesday October 10 2017, @11:57PM (#580167)

      Sometimes people use Facebook to arrange in-person meetings, do they not? In which case, an hour's delay in communicating could be a problem.

      • (Score: 3, Informative) by Anal Pumpernickel on Wednesday October 11 2017, @08:45AM

        by Anal Pumpernickel (776) on Wednesday October 11 2017, @08:45AM (#580347)

        Regardless of what reasons people have for allowing themselves to be used by the monstrous surveillance engine known as Facebook, they are fools for doing so.

  • (Score: 2) by richtopia on Tuesday October 10 2017, @11:15PM (2 children)

    by richtopia (3160) on Tuesday October 10 2017, @11:15PM (#580147) Homepage Journal

    I know my Facebook account password. However I haven't logged in for 7 years, so when I attempted to again I was prompted with a series of security questions asking me to identify people in photos. I don't know how my high school colleagues look!

    Moral of the story, moving onto 8 years of no Facebook. And my family who only uses Facebook messenger to make social plans never communicates with me.

    • (Score: 0) by Anonymous Coward on Wednesday October 11 2017, @12:10AM (1 child)

      by Anonymous Coward on Wednesday October 11 2017, @12:10AM (#580176)

      https://www.prod.facebook.com/help/159096464162185 [facebook.com]

      What types of ID does Facebook accept?

      If you need to confirm your name on Facebook, or if you've lost access to your account, you may be asked to send us a copy of something with your name on it. You have several different options for this, including photo IDs that are issued by the government, IDs from non-government organizations, official certificates or licenses that include your name or other physical items like a magazine subscription or a piece of mail.

      Any time you send us something that confirms your name or identity, please cover up any personal information we don't need to see (ex: credit card number, Social Security number). Also keep in mind that we encrypt everyone's connection to Facebook by default and delete anything that you've sent to us after we've confirmed your name or identity.

      • (Score: 2) by Aiwendil on Wednesday October 11 2017, @01:15PM

        by Aiwendil (531) on Wednesday October 11 2017, @01:15PM (#580439) Journal

        If you need to confirm your name on Facebook, or if you've lost access to your account, you may be asked to send us a copy of something with your name on it.

        And that really annoys me, I havn't signed up with my real name for anything in more than a decade (only about 60% of my friends know my real name, almost all knows this username however). Also how does it deal with name changes?

        Why on earth would I sign up on a social networking site with a name very few people call me? (Not even my coworkers call me by my name, they instead uses one of the three irl-nicknames I have. I know some of them don't know my name) And it can be years between the times when I hear someone call me by my real name.