GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    coleen (coleens_@infosec.exchange)'s status on Wednesday, 07-Dec-2022 00:34:03 JST coleen coleen

    man, password expirations really piss me off now - get with the research already

    In conversation Wednesday, 07-Dec-2022 00:34:03 JST from infosec.exchange permalink
    • Embed this notice
      silverwizard (silverwizard@convenient.email)'s status on Wednesday, 07-Dec-2022 00:34:02 JST silverwizard silverwizard
      in reply to
      @coleens_ My last job had 90 day password expiry, no ability to send a user a password reset email, and you could only change your password every 24 hours

      So I went on paternity leave, got back, my password was gone, and the admin reset it to something terrible and bad, and then I couldn't change it to something good.

      And to be clear - my password was just a bunch of garble with a number at the end, and I incremented the number every quarter >.<.
      In conversation Wednesday, 07-Dec-2022 00:34:02 JST permalink
    • Embed this notice
      coleen (coleens_@infosec.exchange)'s status on Wednesday, 07-Dec-2022 00:37:26 JST coleen coleen
      in reply to
      • silverwizard

      @silverwizard yep!

      In conversation Wednesday, 07-Dec-2022 00:37:26 JST permalink
      silverwizard likes this.
    • Embed this notice
      me (me@social.jlamothe.net)'s status on Wednesday, 07-Dec-2022 00:42:57 JST me me
      in reply to
      • silverwizard
      @silverwizard I wonder how many companies have this nonsense codified in their ISO 9000 and consequently have their hands tied on the matter.
      In conversation Wednesday, 07-Dec-2022 00:42:57 JST permalink
      silverwizard likes this.
    • Embed this notice
      silverwizard (silverwizard@convenient.email)'s status on Wednesday, 07-Dec-2022 00:42:57 JST silverwizard silverwizard
      in reply to
      • me
      • silverwizard
      @me ISO 9000 or 27001? Usually it's 27001

      I personally put NIST 800-63 in our SOC2 Docs where it said to have password expiry in the template. Basically it's the compliance equivalent of saying "Fight Me" to your auditor
      In conversation Wednesday, 07-Dec-2022 00:42:57 JST permalink
    • Embed this notice
      me (me@social.jlamothe.net)'s status on Wednesday, 07-Dec-2022 00:51:30 JST me me
      in reply to
      • silverwizard
      @silverwizard To be honest, I'm not clear on the difference.
      In conversation Wednesday, 07-Dec-2022 00:51:30 JST permalink
      silverwizard likes this.
    • Embed this notice
      silverwizard (silverwizard@convenient.email)'s status on Wednesday, 07-Dec-2022 00:53:22 JST silverwizard silverwizard
      in reply to
      • me
      • silverwizard
      @me ISO 9000 is a process definition standard demonstrating consistent quality.
      ISO 27001 is a process definition standard demonstrating consistent information security practices.

      Neither technically define actual specific processes, but instead codify proper existing processes
      In conversation Wednesday, 07-Dec-2022 00:53:22 JST permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.