| From: | Gavan Schneider <list(dot)pg(dot)gavan(at)pendari(dot)org> |
|---|---|
| To: | pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Cc: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Daulat <daulat(dot)dba(at)gmail(dot)com> |
| Subject: | Re: Password authorization |
| Date: | 2022-01-20 22:52:27 |
| Message-ID: | 2D2D1BDD-A6F8-4EAE-B302-2C39DB5CE81B@pendari.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On 21 Jan 2022, at 3:24, Daulat wrote:
> Yes, you are right, I am planning for password complexity rules and to, force users to change their password.
>
While you are in the planning stages you may wish to review current best practice, e.g., USA National Institute of Standards and Technology.
For me the most interesting aspect of the revised standard is how forcing password changes and complexity rules often leads to reduced security in the real world.
Refer:
https://pages.nist.gov/800-63-3/sp800-63-3.html
https://auth0.com/blog/dont-pass-on-the-new-nist-password-guidelines/ (for a more human readable version :)
Regards
Gavan Schneider
——
Gavan Schneider, Sodwalls, NSW, Australia
Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong.
— H. L. Mencken, 1920
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Ribe | 2022-01-20 23:12:03 | Re: Password authorization |
| Previous Message | Scott Ribe | 2022-01-20 22:02:38 | Re: PGAdmin(psql tool issue) |