by NegativeK 1096 days ago
NIST's recommendation of passphrases that don't expire except when cracked is better, because it avoids <employer name>fall2023. But now you have to pay for the audit (whether it's internal or external) and then explain why their TV quote/book title/whatever is easy to guess.

And whether it's passphrases or passkeys, we still haven't solved the problem of the gajillion other accounts people will have to log into to do work that are nowhere near that standard.