by Traubenfuchs 636 days ago
I wonder what will happen if I post a provocative "Why is our IT department violating NIST password recommendations?" in public Slack.
2 comments

In my experience, you get labelled as not being a team player.
Or a busybody (speaking from personal experience).

About 18 months after me raising this issue and referencing both NCSC and NIST, the rules at the org I'm contracting with were changed.

I have no idea whether my suggestion made any difference.

We use NIST as a baseline. Some organisations actually try to do this properly :)