Thanks to a link in a blog piece by:

paulschreiber.com/blog/2019/04

... I just read a 2016 piece by Chester Wisniewski about the passphrase recommendations from the US National Institute of Standards and Technology (NIST). I was intrigued to learn that this included:

"SMS should no longer be used in two-factor authentication. There are many problems with the security of SMS delivery, including malware that can redirect text messages; attacks against the mobile phone network ..."

(1/?)

#security

I really wish I could get the professionals who work in NZ government IT and internet banking to read these recommendations. Because Wisniewski's summary of what NIST advises against reads like a laundry list of things I routinely see in those websites' passphrase practices:

* maximum lengths that are crazy low

* lack of support for full UNICODE character set

* composition rules (e.g. must have a capital and 1 bit of punctuation) that make them harder to remember, but no harder to guess

(2/?)
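As an added illustration (not part of the thread), the three practices listed above coded as a "legacy" acceptance rule next to one shaped by NIST SP 800-63B; the breached-password list is a constructed stand-in:

```python
"""Two password-acceptance policies side by side: the anti-patterns named in the
thread (tiny maximum length, ASCII only, composition rules) versus the
NIST SP 800-63B approach (generous length, any Unicode, no composition rules,
reject known-breached values). Constructed example, not production code."""
import unicodedata

# Constructed stand-in for a real compromised-password list; NIST asks that
# candidates be screened against such a list instead of composition rules.
BREACHED = {"password", "passw0rd!", "qwerty123", "letmein"}


def legacy_policy(secret: str) -> tuple[bool, str]:
    """The three anti-patterns from the thread, as many sites still enforce them."""
    if not 8 <= len(secret) <= 12:
        return False, "length must be 8-12 characters"
    if any(not 32 <= ord(ch) <= 126 for ch in secret):
        return False, "only printable ASCII allowed"
    if not any(ch.isupper() for ch in secret):
        return False, "must contain a capital letter"
    if not any(ch in "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~" for ch in secret):
        return False, "must contain punctuation"
    return True, "ok"


def nist_policy(secret: str) -> tuple[bool, str]:
    """800-63B style: at least 8 code points, at least 64 allowed, any Unicode,
    no composition rules, breached-list check. Length counts code points, not
    bytes, so a passphrase in any script is measured fairly."""
    # 800-63B recommends normalising (NFKC or NFKD) before comparing or hashing
    normalized = unicodedata.normalize("NFKC", secret)
    if len(normalized) < 8:
        return False, "at least 8 characters required"
    if len(normalized) > 64:  # a cap is permitted, but it must be generous
        return False, "over 64 characters"
    if normalized.casefold() in BREACHED:
        return False, "appears in a breached-password list"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("Passw0rd!", "correct horse battery staple", "Café-Sécu!"):
        print(repr(candidate), "legacy:", legacy_policy(candidate), "nist:", nist_policy(candidate))
```

The weak, breached "Passw0rd!" sails through the legacy rules, while a long lowercase passphrase and a short accented one are rejected by them for reasons that have nothing to do with guessability.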

Another NIST don't that NZ government and bank websites routinely do is knowledge-based authentication (e.g. what's your mother's maiden name?) as 2FA (2-factor authentication). And of course SMS-based 2FA is commonplace across the industry.

(3/?)

I generally don't get paid for my work, because I hold myself to a high standard (maybe absurdly high) and I won't ask to be paid unless I'm sure I can meet it on that job.

But many people in NZ seem to use the gift of the gab to parlay very basic computer knowledge into highly paid jobs as IT professionals. If only I had a dollar for every time I've seen things go wrong in a high-level IT setting and thought 'someone got *paid* to screw up that bad'.

Is my mistake being too honest?

(4/4)


@strypey I would say "yes, you are being too honest". "Their" question "will you do this to the best of your ability" is itself dishonest, since drawing a paycheck for as long as possible is the goal of most employees already "there". Doing your best anyway would make you at least as effective as other paycheck-takers.

Qoto Mastodon