|
|
|
|
|
|
by ygjb
4335 days ago
|
|
|
Not on hand, those decisions were made years ago, and done in email discussions and in person meetings. That said, the password length requirements were driven by the cost of performing effective brute force attacks against properly hashed and salted values at the time we set that length. Privileged passwords was basically a stop gap measure to ensure that users were refreshing passwords regularly. The correct solution is to deploy multi-factor authentication. |
|
|