Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/horse/statuses/111804888449564567">Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Tuesday, 23-Jan-2024 19:53:30 JST</a><a href="https://infosec.exchange/@horse" title="horse@infosec.exchange"><img src="https://gnusocial.jp/avatar/27689-48-20240112235447.webp" width="48" height="48" alt="Jake Hildreth (acorn) :blacker_heart_outline:" style="position: absolute; left: 0; top: 0;">Jake Hildreth (acorn) :blacker_heart_outline:</a><div><a href="https://infosec.exchange/@rmd1023/111777414462831074" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://infosec.exchange/@rmd1023">@rmd1023</a> Periodic password changes are bad, but there are other requirements in NIST 800-63B that must be in place before eliminating password changes.</p><p>For example:  password filtering (to prevent the creation/continued use of weak/compromised passwords) and password storage requirements are an integral part of 800-63B. </p><p>if MyChart is unwilling or incapable of providing the additional protections required, periodic password changes are the superior choice.</p><p>Ultimately, the best solution is for MyChart to take the steps required to eliminate password changes, but there’s so much for to 800-63B than “if you like your password, you can now keep it as long as you like!”</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2623947#notice-5197378">In conversation</a><time datetime="2024-01-23T19:53:30+09:00" title="Tuesday, 23-Jan-2024 19:53:30 JST">about 10 months ago</time> <span>from <span><a href="https://infosec.exchange/@horse/111804888449564567" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@horse/111804888449564567">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Tuesday, 23-Jan-2024 19:53:30 JSTJake Hildreth (acorn) :blacker_heart_outline:
in reply to
- HTTP 1.1/418 Resistance Teapot
@rmd1023 Periodic password changes are bad, but there are other requirements in NIST 800-63B that must be in place before eliminating password changes.
For example: password filtering (to prevent the creation/continued use of weak/compromised passwords) and password storage requirements are an integral part of 800-63B.
if MyChart is unwilling or incapable of providing the additional protections required, periodic password changes are the superior choice.
Ultimately, the best solution is for MyChart to take the steps required to eliminate password changes, but there’s so much for to 800-63B than “if you like your password, you can now keep it as long as you like!”
In conversationabout 10 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice