Date: Tue, 10 May 2016 09:17:10 -0700 From: Jim Fenton <fenton@...epopcorn.net> To: passwords@...ts.openwall.com Subject: Re: Password-Manager Friendly (PMF) semantic markup On 5/10/16 7:12 AM, Royce Williams wrote: > > We might include not just password complexity rules, but other > qualities of authentication, including: > > - Password aging policy > - Supported 2FA/MFA methods > - Supported types of federation (log in with Google, Facebook, etc.) > - Hashing method and parameters (salt, rounds, etc.) -- a signal of > (in)competence ;) > - SAML awareness? (not sure what's possible/useful here) > Ugh, let's not give them a place to express a password aging policy when the only sensible answer is "no aging". I'd rather that we didn't encourage password complexity (composition) rules either. Hashing method and parameters: How is this information actionable by password managers?
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.