Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
Not sure if you’re in the US. But if you are, you should leave this anonymously on the security team’s desks.
> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. - NIST control SP 800-63B Section 5.1.1.2
Basically a fairly widespread standard of security. All kinda of complaince you can fall out of if you do business with anyone who cares about NIST controls.
Not sure if you’re in the US. But if you are, you should leave this anonymously on the security team’s desks.
> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. - NIST control SP 800-63B Section 5.1.1.2
Basically a fairly widespread standard of security. All kinda of complaince you can fall out of if you do business with anyone who cares about NIST controls.