Amicitas@lemmy.world to Technology@lemmy.worldEnglish · 6 months agoNIST proposes barring some of the most nonsensical password rulesarstechnica.comexternal-linkmessage-square81fedilinkarrow-up1379arrow-down13file-text
arrow-up1376arrow-down1external-linkNIST proposes barring some of the most nonsensical password rulesarstechnica.comAmicitas@lemmy.world to Technology@lemmy.worldEnglish · 6 months agomessage-square81fedilinkfile-text
minus-squarejj4211@lemmy.worldlinkfedilinkEnglisharrow-up22·6 months agoMeanwhile, my company has systems insisting on expiring ssh keys after 90 days…
minus-squareAnUnusualRelic@lemmy.worldlinkfedilinkEnglisharrow-up7·6 months agoFools! You have to expire the whole system! Reinstall everything every 90 days. It’s the only way.
minus-squarejj4211@lemmy.worldlinkfedilinkEnglisharrow-up3·6 months agoYou are going to give them ideas… Ironically, reinstall the whole system, make sure to add some CrowdStrike, SolarWinds, and Ivanti for security and management though…
minus-squareTBi@lemmy.worldlinkfedilinkEnglisharrow-up6·6 months agoMy company blocked ssh keys in favour of password + 2FA. Honestly I don’t mind the 2FA since we use yubikeys, but wouldn’t ssh key + 2FA be better?
minus-squarejj4211@lemmy.worldlinkfedilinkEnglisharrow-up2·6 months agoAll well and good when ssh activity is anchored in a human doing interactive stuff, but not as helpful when there’s a lot of headless automation that has to get from point a to point b.
minus-squareTBi@lemmy.worldlinkfedilinkEnglisharrow-up3·6 months agoYep. All the headless automation broke…
Meanwhile, my company has systems insisting on expiring ssh keys after 90 days…
Fools! You have to expire the whole system!
Reinstall everything every 90 days. It’s the only way.
You are going to give them ideas…
Ironically, reinstall the whole system, make sure to add some CrowdStrike, SolarWinds, and Ivanti for security and management though…
My company blocked ssh keys in favour of password + 2FA. Honestly I don’t mind the 2FA since we use yubikeys, but wouldn’t ssh key + 2FA be better?
All well and good when ssh activity is anchored in a human doing interactive stuff, but not as helpful when there’s a lot of headless automation that has to get from point a to point b.
Yep. All the headless automation broke…