For anyone unfamiliar with the source.
For anyone unfamiliar with the source.
Until you find out those were also built by a junior using an llm to help 🙃
Hey, as a random Internet stranger I’m just going to say that I’m proud of you. Everyone has their own path to becoming a better them and I’m glad you’re doing the things that work for you. Keep it up!
What you want is NIST 800-63b https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret
Specifically sections 5.1.1.1 and 5.1.1.2.
Excerpt from 5.1.1.2 pertaining to complexity and rotation requirements:
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
Appendix A of the document contains their reasoning for changing from the previous common wisdom.
The tl;dr of their changes boil down to length is more important than any other factor when it comes to password security.
Edit to add:
In my personal opinion, organizations should be trying to move away from passwords as much as possible. If your IT team seems to think this system is so important that they need to rotate passwords every month, they should probably be transitioning to hardware security tokens, passkeys, or worst case, password with non-sms MFA.
Now I know nothing about the actual circumstances and I know there are plenty of reasons why that may not be possible in this specific case, but I’d feel remiss if I didn’t mention it.
Any organization still doing this is a decade behind best practices. NIST published new recommendations years ago that specified getting rid of the practice of regular forced password resets specifically because they encourage bad practices that make passwords weaker.
Of course it doesn’t help that there are some industry compliance standards that have refused to update their requirements, but I don’t know of any that would require monthly password changes.
They actually have a fairly comprehensive training program setup through their “University.” They also mix in foreign contractors, usually from China.
I almost did before the outage. Their pay was pretty low compared to similar positions at other companies though.
One of my favorite T-shirts. https://www.teepublic.com/t-shirt/23763923-utc-or-gtfo
(I am not affiliated in any way with this shop)
Already answered more it less but:
https://www.centralcoastbrewing.com/beer/p/p-nut-butter-breakdown-stout
First time I’ve seen something from my home area pop up on Lemmy. CCB is a solid brewery.
I started off really enjoying the series, but eventually had to abandon it as he kept adding increasingly over the strawmen who’s sole purpose was to be blown away by the might of Randian Objectivism.
GameStop bought them a couple of years ago. That was the deathknell.
I never even received an email. I haven’t touched Minecraft in years, probably never would have again, but my daughter is getting into it and I thought it would be fun to play with her. I found out about the migration when trying to troubleshoot why I couldn’t log in.
I tried to contact support and they told me that they had “widely communicated the migration through email and social media” and that because I had missed the migration window, I would simply have to buy a new copy. I double and triple checked. No emails regarding the migration and I’m not on social media.
One of my favorite managers once told me while I was struggling with a severe case of imposter syndrome “if you’re faking it well enough that others can’t tell, you might not be faking it as much as you think.”
This one? https://youtu.be/_loUDS4c3Cs?si=oaF9L2yCBFuy35KB
It’s a great watch on the subject.
I used to do penetration testing and only got to dabble in physical penetration testing a couple of times. Hell of a lot of fun.
For anyone reading this chain and interested in hearing more, this is a pretty fun interview with someone known for doing physical presentation testing.
Old joke that’s been around forever: “What’s the best way to generate a random string? Give a first year comp sci student an open vim editor”
“Austin Powers, his loins ready.”
Try looking to see if there are any local defcon, 2600, or BSides groups near where you’re at. That might give you a good start.
Christine Chapel in the original series was played by Majel Barret, who’s other roles in later Star Trek series include voicing the ships computer, and Lwaxana Troi.
Well that just solved the question of “what should I watch tonight?”