[Coco] Mystic BBS

phil pt ptaylor2446 at gmail.com
Sat May 2 18:59:39 EDT 2020


I also do not post anything about my bbs policies in public. IF you have a
concern you need to login to my system and leave me a private message on my
bbs system.

<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon>
Virus-free.
www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

On Sat, May 2, 2020 at 12:20 PM John E. Malmberg <wb8tyw at qsl.net> wrote:

> On 9/30/2019 5:44 PM, phil pt wrote:
> <snip>
> > The password policy is set to force the user to change their psswords
> every
> > 90 days. There is much more security feature that is included, but that
> is
> > not public information.
>
> You are out of compliance with current NIST requirements and
> recommendations.
>
> https://pages.nist.gov/800-63-FAQ/#q-b05
>
> NIST studies have verified that password expiration results in more easy
> to crack passwords.  So much more easier that NIST has banned the practice.
>
> See also:
>
> https://pages.nist.gov/800-63-FAQ/#q-b06
>
> Recommended not to require special characters.
>
> https://pages.nist.gov/800-63-FAQ/#q-b10
>
> Recommended not to require composition rules.
>
> I do not have a link handy, but there is an online copy of the study
> that NIST conducted.
>
> A lot of things that alleged security professionals have been claiming
> about creating secure passwords turned out to be actually more harmful
> than good in real world tests.
>
> This all aside from a password on a TELNET session is not secure from
> interception in route.
>
> As long as the accounts are "captive" and limited in what they can do,
> (No e-mail, shell, or direct web browsing / serving), or secret files),
> there is really not much need of stronger passwords.
>
> A higher risk is a bot creating accounts to post links that the spammer
> thinks will cause higher rankings of their pages.
>
> Regards,
> -John
>
>
> --
> Coco mailing list
> Coco at maltedmedia.com
> https://pairlist5.pair.net/mailman/listinfo/coco
>


More information about the Coco mailing list