Post AckJm2egDvGSQnprSi by bitprophet@social.coop
(DIR) Post #Acjz8c3lAmnbZOUIz2 by tek@freeradical.zone
2023-12-12T17:49:36Z
0 likes, 0 repeats
Small victories: I successfully typed the long, random laptop password I made last week for the first time, first try, no peeking at the password manager.
(DIR) Post #Acjzc9E0wZwwpQMqfo by pinsk@freeradical.zone
2023-12-12T17:54:59Z
0 likes, 0 repeats
@tek how often are you forced to rotate it?
(DIR) Post #AcjzoR2gWdedYwvYo4 by mensrea@freeradical.zone
2023-12-12T17:57:09Z
0 likes, 0 repeats
@tek look at him go. also that's why https://xkpasswd.net/ for the ones i need to remember
(DIR) Post #Ack1LlMC7IsY4tVajI by grueproof@fosstodon.org
2023-12-12T18:14:25Z
0 likes, 0 repeats
@tek https://media.giphy.com/media/BtEw37CXZti8yfq3Ke/giphy.gif
(DIR) Post #Ack4dOVc6Uy2I60shU by dpreacher@freeradical.zone
2023-12-12T18:51:12Z
0 likes, 0 repeats
@tek with both l and I correctly typed?
(DIR) Post #AckE3MMxa316luQCrg by bitprophet@social.coop
2023-12-12T20:36:41Z
0 likes, 0 repeats
@tek Random noise random, or diceware/correct-horse-battery-staple random?
(DIR) Post #AckJ6jS2iaSEzzE6i0 by tek@freeradical.zone
2023-12-12T21:33:22Z
0 likes, 0 repeats
@pinsk Rotate?
(DIR) Post #AckJGWHkWXtD3q4xRA by tek@freeradical.zone
2023-12-12T21:35:09Z
0 likes, 0 repeats
@bitprophet A few nearly-pronounceable random strings random.
(DIR) Post #AckJWXZpUPNJhTAuyu by pinsk@freeradical.zone
2023-12-12T21:38:04Z
0 likes, 0 repeats
@tek I have worked in organizations that require I change my primary password on a recurring cadence, 45, 60, 90 days... my current employer has dispensed with this strategy (endorse!) I realized shortly after posting this could be used for a social engineering attack, but an appropriate answer could also be 'too often'
(DIR) Post #AckJm2egDvGSQnprSi by bitprophet@social.coop
2023-12-12T21:40:51Z
0 likes, 0 repeats
@tek fhwghgads-homsar-dangeresque
(DIR) Post #AckKsg7AWjIcVKtC6q by tek@freeradical.zone
2023-12-12T21:53:13Z
0 likes, 0 repeats
@bitprophet I was tempted to reply Wordle-style.
(DIR) Post #AckLGbuNoiq4PQJwDA by tek@freeradical.zone
2023-12-12T21:57:35Z
0 likes, 0 repeats
@pinsk “According to NIST SP 800-63B, section 5.1.1.2, verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.” Not even joking: this came up so frequently in discussion that I have the reference memorized. See https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver
(DIR) Post #AckLexlODErP8nj4pk by pinsk@freeradical.zone
2023-12-12T22:01:59Z
0 likes, 0 repeats
@tek an important link, thank you for sharing it!
(DIR) Post #AckcsRLvD5rZtapGmO by nateb@mastodon.thenewoil.org
2023-12-13T01:14:55Z
0 likes, 0 repeats
@tek I don't even bother remembering mine cause we do that awesome thing where we have to change it every 90 days. Party like it's 1999, baby.
(DIR) Post #Acknteg4FjxF0X1yaG by tek@freeradical.zone
2023-12-13T03:18:23Z
0 likes, 0 repeats
@nateb That’s explicitly counter to official government recommendations: https://freeradical.zone/@tek/111569682783602965
(DIR) Post #AcmgOtlJo8RLS4nHBQ by nateb@mastodon.thenewoil.org
2023-12-14T01:03:46Z
0 likes, 0 repeats
@tek I'm well fucking aware. Our IT guys are great. Our head of IT is a fucking moron and I would give anything to sit and talk with him for 10 minutes.
(DIR) Post #AcmhwYF8QBnCVmLowq by tek@freeradical.zone
2023-12-14T01:21:04Z
0 likes, 0 repeats
@nateb LOLOL. I think I've worked with him before, or at least his clone.