Collaborate Disseminate
For convenience and security I find password rotation requirements harmful.
Our SOC 2 auditor seems to still require them. Does SOC 2 actually require password rotation in 2020?
I would think(hope) meeting NIST password guidelines and TOT… Continue reading Does SOC-2 compliance require password rotation
Security policies have become like puzzles these days.
Except for the obvious requirements like alpha-numberic, special symbols and
length, there are more arbitrary rules. I’ve seen even 15 requirements for the
password. Something like th… Continue reading Are password puzzles a thing?
We have a single web platform, where users can log in to different workspaces.
Each workspace has its own list of users with email and password credentials and various permissions for each of those users. Email and password pairs can be du… Continue reading Is it okay to log a user into multiple accounts when the email and password are the same?
I have an openldap with ppolicy on SSHA-512. When clear text password is sent from client, the password will be stored as SSHA-512, fine.
My problem appears, once already hashed password is send e.g SHA, SSHA, the hashed value is encrypt… Continue reading Openldap re-encrypts already hashed password [migrated]
So one of the problems with password is that users reuse them or use some weak password. For the latter, even enforcing pattern does not work as users will simply go for something like P@ssw0rd1 that is easy to guess.
So instead of a user… Continue reading Is there any reason a password and pin combination isn’t more popular?
A website restricts these characters from passwords: # * ( ) %
At a casual glance, it looks like they’re not sanitizing data input to the database or hashing passwords, but I’m a hobbyist.
Should I contact the IT maintainer? This is a ne… Continue reading Why would you restrict these characters within a password? [duplicate]
When buying the theater tickets in the site biletru.co.il I was required for the email address and its password. Why ? If it is dangerous to enter the password in this case ?
Continue reading Password was required when buying the theater tickets
Online joint accounts that are similar to bank accounts that are joint accounts?
Say you want to have two partners for a certain account, let’s say a PayPal account, and you want to make it so that if one partner wants to change a passwor… Continue reading Are there joint password accounts? (Like bank accounts)
When creating a Security Policy such as Password Policy, what are some of the typical assets that need to be protected?
And how does this affect, employees, contractors, vendors, suppliers, and representatives who access the organizatio… Continue reading Creating a Password Policy for a Bank Corporation, what must one take into consideration? [closed]
Our recommended healthcare password policies that complement and support HITRUST. Since its founding in 2007, HITRUST (Health Information Trust Alliance) champions programs that safeguard sensitive information and manage information risk for global org… Continue reading HITRUST & PASSWORDS: 7 Important Password Policies for HITRUST