this post was submitted on 27 Jul 2023
1466 points (98.2% liked)

Memes

44907 readers
2663 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
1466
Incorrect password (i.imgur.com)
submitted 1 year ago by [email protected] to c/[email protected]
100 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 1 year ago

Not sure if you're in the US. But if you are, you should leave this anonymously on the security team's desks.

> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. - NIST control SP 800-63B Section 5.1.1.2

Basically a fairly widespread standard of security. All kinda of complaince you can fall out of if you do business with anyone who cares about NIST controls.