[Coco] Mystic BBS

phil pt ptaylor2446 at gmail.com
Sat May 2 18:59:39 EDT 2020

I also do not post anything about my bbs policies in public. IF you have a
concern you need to login to my system and leave me a private message on my
bbs system.


On Sat, May 2, 2020 at 12:20 PM John E. Malmberg <wb8tyw at qsl.net> wrote:

> On 9/30/2019 5:44 PM, phil pt wrote:
> <snip>
> > The password policy is set to force the user to change their psswords
> every
> > 90 days. There is much more security feature that is included, but that
> is
> > not public information.
> You are out of compliance with current NIST requirements and
> recommendations.
> https://pages.nist.gov/800-63-FAQ/#q-b05
> NIST studies have verified that password expiration results in more easy
> to crack passwords.  So much more easier that NIST has banned the practice.
> See also:
> https://pages.nist.gov/800-63-FAQ/#q-b06
> Recommended not to require special characters.
> https://pages.nist.gov/800-63-FAQ/#q-b10
> Recommended not to require composition rules.
> I do not have a link handy, but there is an online copy of the study
> that NIST conducted.
> A lot of things that alleged security professionals have been claiming
> about creating secure passwords turned out to be actually more harmful
> than good in real world tests.
> This all aside from a password on a TELNET session is not secure from
> interception in route.
> As long as the accounts are "captive" and limited in what they can do,
> (No e-mail, shell, or direct web browsing / serving), or secret files),
> there is really not much need of stronger passwords.
> A higher risk is a bot creating accounts to post links that the spammer
> thinks will cause higher rankings of their pages.
> Regards,
> -John
> --
> Coco mailing list
> Coco at maltedmedia.com
> https://pairlist5.pair.net/mailman/listinfo/coco

More information about the Coco mailing list