| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Scott Ribe <scott_ribe(at)elevated-dev(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Daulat <daulat(dot)dba(at)gmail(dot)com>, pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Password complexities in Postgres v14.6 |
| Date: | 2022-12-16 16:28:49 |
| Message-ID: | CABUevEyaUngBHdPz91K_eYb=Twbd4vMq7=_=cJoF30OQMvxvJQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Fri, Dec 16, 2022 at 5:26 PM Scott Ribe <scott_ribe(at)elevated-dev(dot)com>
wrote:
> > On Dec 16, 2022, at 9:17 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >
> > ...
>
> > (I agree that forced password rotations are also an obsolete security
> > practice, but figured that one bit of push-back at a time was enough.)
>
> I believe that NIST is now on board with this opinion, aren't they?
>
They have been for years.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daulat | 2022-12-16 17:39:31 | passwordcheck_extra module on pg v14.6 |
| Previous Message | Scott Ribe | 2022-12-16 16:25:57 | Re: Password complexities in Postgres v14.6 |