Strypey on Nostr: I really wish I could get the professionals who work in NZ government IT and internet ...
I really wish I could get the professionals who work in NZ government IT and internet banking to read these recommendations, because Wisniewski's summary of what NIST advises against reads like a laundry list of things I routinely see in those websites' passphrase practices:
* maximum lengths that are crazy low
* lack of support for full Unicode character set
* composition rules (e.g. must have a capital and 1 bit of punctuation) that make them harder to remember, but no harder to guess
(2/?)
Published at
2025-02-25 21:44:27
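An added example, not part of the original post or of the NIST or Wisniewski text it refers to: a hypothetical legacy policy with the three listed anti-patterns, next to a check that uses only length (in Unicode code points) and a blocklist. The function names, the 8 and 64 limits (taken here from NIST SP 800-63B) and the sample blocklist are assumptions.

```python
import string
import unicodedata

MIN_LENGTH = 8    # assumed floor, taken from NIST SP 800-63B
MAX_LENGTH = 64   # assumed cap; NIST asks verifiers to permit at least 64
# Constructed sample; a real deployment would load a breached-password corpus.
BLOCKLIST = {"password1!", "qwerty123!", "letmein2025!"}


def legacy_check(passphrase):
    """Hypothetical policy with the three anti-patterns from the post."""
    reasons = []
    if len(passphrase) > 16:
        reasons.append("too_long")
    if not passphrase.isascii():
        reasons.append("non_ascii")
    if not any(c.isupper() for c in passphrase):
        reasons.append("no_capital")
    if not any(c in string.punctuation for c in passphrase):
        reasons.append("no_punctuation")
    return reasons


def normalize(passphrase):
    """NFKC so composed and decomposed input yield the same string to hash."""
    return unicodedata.normalize("NFKC", passphrase)


def length_and_blocklist_check(passphrase, blocklist=BLOCKLIST):
    """Length in code points plus a blocklist lookup; no composition rules."""
    norm = normalize(passphrase)
    reasons = []
    if len(norm) < MIN_LENGTH:
        reasons.append("too_short")
    if len(norm) > MAX_LENGTH:
        reasons.append("too_long")
    if norm.casefold() in blocklist:
        reasons.append("blocklisted")
    return reasons


if __name__ == "__main__":
    # Constructed inputs: a guessable string that satisfies composition
    # rules, and a long passphrase with macrons (precomposed code points).
    for candidate in ("Password1!", "k\u0101k\u0101p\u014d waddles through tussock at dusk"):
        print(repr(candidate), legacy_check(candidate),
              length_and_blocklist_check(candidate))
```

The legacy policy accepts the guessable `Password1!` and rejects the long passphrase on four counts, while the second check does the opposite.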