UCL had the same, great human factors of CS researchers but only recently changed. But I heard they still store pws in cleartext.
Not an unusual story. Money to be made in selling hocus pocus IT to universities. https://twitter.com/mikarv/status/834056002949484545 …
The org may fully recognize stupidity of policy, but have little choice. PCI DSS req 8.2.4 says 90 day lifetime, max on PWs, e.g.
@perrymetzger This has distracted us at our office.. We're now reading abt the anthropology of cargo cults. Passwords safe though!
still commonly believed to be a secure practice by most InfoSec professionals. And I mean the thousands NOT on Twitter...
I still argue against pw change rules everywhere. I lose the battle to those teams each time.
It reminds me of this: Q: Do programmers have superstitions? A: Yes but we call them best practices. Don't remember where I saw it
I'd love to hear the basics of why this is true in a few simple tweets.
passwords that must be changed often are more likely to be written down or stored insecurely. Pass length > youth.
@SteveBellovin no one listens to woolly-headed academics. Especially when they know the subject.