Proposed guidelines aim to inject badly needed common sense into password hygiene.
The National Institute of Standards and Technology (NIST), the federal body that sets technology standards for governmental agencies, standards organizations, and private companies, has proposed barring some of the most vexing and nonsensical password requirements. Chief among them: mandatory resets, required or restricted use of certain characters, and the use of security questions.
Choosing strong passwords and storing them safely is one of the most challenging parts of a good cybersecurity regimen. More challenging still is complying with password rules imposed by employers, federal agencies, and providers of online services. Frequently, the rules—ostensibly to enhance security hygiene—actually undermine it. And yet, the nameless rulemakers impose the requirements anyway.

Stop the madness, please!

11 sats \ 0 replies \ @Cje95 26 Sep
Yeah, I think it is safe to say in America our cybersecurity is trash with passwords. I forgot where I was reading it, and it might have been from NIST itself, but the percentage of passwords that people were using that were just "password" or "123456" was crazy, like 40%.
The Congressional requirements are freakin wild and we have to change them yearly.