- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
re: Required password changes
Posted on 5/21/20 at 3:54 pm to Centinel
Posted on 5/21/20 at 3:54 pm to Centinel
I was literally just copying that part of the article.
I think you and I have discussed this before too.
![](https://images.tigerdroppings.com/Images/Icons/IconLOL.gif)
I think you and I have discussed this before too.
quote:
Should organizations mandate regular password changes? The National Institute of Standards and Technology (NIST) explained in a 2009 publication on enterprise password management that while password expiration mechanisms are “beneficial for reducing the impact of some password compromises,” they are “ineffective for others” and “often a source of frustration to users.” They went on to encourage organizations to balance security and usability needs, outlining some factors to consider. NIST emphasized that other aspects of password policies may have greater benefits than mandatory expiration, including requirements for password length and complexity, as well as use of slow hash functions with well-chosen “salt” (a technique to make sure that if two users have the same password they won’t look the same when hashed).
Posted on 5/21/20 at 3:58 pm to TH03
(no message)
This post was edited on 6/9/20 at 1:14 pm
Posted on 5/21/20 at 3:58 pm to TH03
The thing that pisses me off is we want to adopt those NIST guidelines, but some of our clients won't accept it because their "security experts" (read: box checking auditors) don't keep up with current standards or guidelines.
It's asinine. It makes the end user happier AND makes the network more secure. You'd think it's a sure fire win-win.
But nope. Auditor say you no check box correctly!!!
It's asinine. It makes the end user happier AND makes the network more secure. You'd think it's a sure fire win-win.
But nope. Auditor say you no check box correctly!!!
Popular
Back to top
![logo](https://images.tigerdroppings.com/images/layout/TDIcon.jpg)