Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 May 2016 09:17:10 -0700
From: Jim Fenton <>
Subject: Re: Password-Manager Friendly (PMF) semantic markup

On 5/10/16 7:12 AM, Royce Williams wrote:
> We might include not just password complexity rules, but other
> qualities of authentication, including:
> - Password aging policy
> - Supported 2FA/MFA methods
> - Supported types of federation (log in with Google, Facebook, etc.)
> - Hashing method and parameters (salt, rounds, etc.) -- a signal of
> (in)competence ;)
> - SAML awareness? (not sure what's possible/useful here)
Ugh, let's not give them a place to express a password aging policy when
the only sensible answer is "no aging". I'd rather that we didn't
encourage password complexity (composition) rules either.

Hashing method and parameters: How is this information actionable by
password managers?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.