NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords:
- Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to use pass phrases.
- Stop it with password expiration. That was an old idea for an old way we used computers. Today, don't make people change their passwords unless there's indication of compromise.
- Let people use password managers. This is how we deal with all the passwords we need.
These password rules were failed attempts to fix the user. Better we fix the security systems.
Does this mean we can stop composing our passwords like Q*bert?
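Added example, not part of the original post or of NIST's text: a Python sketch contrasting an old-style composition rule with the length-plus-blocklist check and compromise-only rotation that the summary describes. The function names, the tiny blocklist and the 64-character upper bound are assumptions made for illustration; the 8-character minimum and the blocklist comparison come from SP 800-63B.

```python
import re

# Constructed sample blocklist; a real deployment would load a large
# corpus of breached and commonly used passwords.
BLOCKLIST = {"password", "p@ssw0rd1", "qwerty123", "letmein"}
MIN_LEN = 8   # SP 800-63B minimum for user-chosen secrets
MAX_LEN = 64  # guideline says accept at least 64; the cap is this example's choice


def legacy_check(pw):
    """Old-style composition rule: upper, lower, digit and symbol required."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def nist_check(pw):
    """Length plus blocklist only; no composition rules, spaces allowed."""
    if len(pw) < MIN_LEN:
        return False, "too short"
    if len(pw) > MAX_LEN:
        return False, "too long"
    if pw.lower() in BLOCKLIST:
        return False, "known common or breached password"
    return True, "ok"


def must_change(age_days, compromise_indicated):
    """No periodic expiry: age_days is deliberately ignored."""
    return bool(compromise_indicated)


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("P@ssw0rd1", "correct horse battery staple"):
        print(repr(pw), "legacy:", legacy_check(pw), "nist:", nist_check(pw))
    print("rotate after 400 days, no incident:", must_change(400, False))
    print("rotate after 1 day, credential seen in a breach:", must_change(1, True))
```

The composition rule accepts the guessable "P@ssw0rd1" and rejects the passphrase; the length-plus-blocklist check does the opposite.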
(Score: 2) by RS3 on Wednesday October 11 2017, @03:23AM (5 children)
I had fun recently with AOL, due to Verizon buying AOL and moving verizon.net email accounts to AOL. AOL insist on several security questions (3-5 I think).
I tried to tell them, and others, that I can remember a really good password, but multi-factor, etc., and I have to write it down, copy it to several places, keep in files on all computers, etc. Not so secure now, huh?
And they will NOT help you on the phone unless you know the answers!
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @02:21PM (4 children)
AOL???
(Score: 2) by RS3 on Wednesday October 11 2017, @06:43PM (3 children)
Not to be pedantic, but that's not a complete question; I don't understand what you're asking.
(Score: 2) by Yog-Yogguth on Sunday October 15 2017, @10:36AM (2 children)
Good point! Considering it is now 2017 it's hard to tell if he/she/it/bot is trying to be elitist (because of AOL history) or funny (because of AOL history) or impressed (not because of AOL history!!!).
Flames/burns/insults that are so old they have become flattering lol :)
I welcome our dinosaurs making dinosaur jokes about dinosaurs :D
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by RS3 on Monday October 16 2017, @04:29AM (1 child)
Yeah, or maybe the he/she/it/bot doesn't even know who/what AOL is.
Can bots google? Or does google use a bot filter?
(Score: 2) by Yog-Yogguth on Monday October 16 2017, @09:33PM
Yes (but strictly yesnomaybe although mostly very yes) bots can Google, and yesnomaybe there is a bot filter of sorts both for Google and everyone else and also for anyone using Google but not really. Easy clear answers right? :D
Google's own bots (often called indexing spiders, or at least once upon a time they were called that) are (or were) meant to respect any HTTP robots.txt file [wikipedia.org] details. Any other non-Google bot (or script for that matter) is able to use Google just like any other website or for that matter ignore (or respect) any robots.txt file they find if they act like indexing spiders themselves. Google does not have a bot filter as such but probably at very high volumes of traffic/questions/searches restricts the amount of use from any one IP address or IP subnet addresses which I guess one could call a bot filter of sorts although it's more about use and capacity i.e. flooding control and it has plenty of yesnomaybe answers of its own :)