Re: Password generator and user creator


universal
Member
#388747

Ossian;289108 wrote:
While I completely agree regarding a pass phrase (and rep++ for the XKCD link), there is a problem that most external audits (I have encountered 3 of the big 4 organisations) have a tick box for “complex passwords” that matches MS best practice, so explaining that “actually this is more secure” doesn’t work.

That’s more than a bit alarming, since it seems to indicate that the auditors are mindlessly ticking boxes on a checklist, and are incapable of logic or even basic math.

After all, that the passphrase approach results in vastly better security is not somebody’s opinion; it’s a provable and proven fact. Having auditors insist that inferior solutions need to be used is worse than having no audits at all.