Re: [Cryptography] Possible reason why password usage rules are such a mess

On 11/20/20 1:03 PM, Arnold Reinhold wrote:
> On Nov 20, 2020, at 3:19 PM, Kent Borg <kentborg AT borg.org> wrote:
>
>> There are *so* many ways to build an insecure system, and there is *so* little regulation about the building of these systems. First, can we regulate our way out of this insecure mess? If we can, is this really where to start?
>
> One has to begin somewhere. And poor storage of password validation data is a major vulnerability. For starters, I am suggesting transparency and self-certification, not regulation.

Might be a start.

Though self-certification of what? Sounds like ISO standards or something. (I hope there isn't a "best practices" requirement of changing passwords every 30 days in there.)

Things are a mess, even some bad standards might be useful. Maybe for things such as just prompting people to survey to know what their systems consist of.


