|
Message-Id: <FD6BAC36-C513-41C2-8782-F52F072F35CF@goldmark.org> Date: Tue, 10 May 2016 11:27:09 -0500 From: Jeffrey Goldberg <jeffrey@...dmark.org> To: passwords@...ts.openwall.com Subject: Re: Password-Manager Friendly (PMF) semantic markup On 2016-05-10, at 11:17 AM, Jim Fenton <fenton@...epopcorn.net> wrote: > On 5/10/16 7:12 AM, Royce Williams wrote: >> >> We might include not just password complexity rules, but other >> qualities of authentication, including: >> >> - Password aging policy >> - Supported 2FA/MFA methods >> - Supported types of federation (log in with Google, Facebook, etc.) >> - Hashing method and parameters (salt, rounds, etc.) -- a signal of >> (in)competence ;) >> - SAML awareness? (not sure what's possible/useful here) >> > Ugh, let's not give them a place to express a password aging policy when > the only sensible answer is "no aging". I'd rather that we didn't > encourage password complexity (composition) rules either. If a site or service has such rules, then it would be good for password managers to know about them. > Hashing method and parameters: How is this information actionable by > password managers? I agree. While we should encourage sites to document such things, this isn’t the place for it. Cheers, -j –- Jeffrey Goldberg Chief Defender Against the Dark Arts @ AgileBits http://agilebits.com
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.