NIST Special Publication 800-63B by NIST

Users should be encouraged to make their passwords as lengthy as they want, within reason. Since the size of a hashed password is independent of its length, there is no reason not to permit the use of lengthy passwords (or pass phrases) if the user wishes. Extremely long passwords (perhaps megabytes in length) could conceivably require excessive processing time to hash, so it is reasonable to have some limit.

The new NIST guidance on passwords recommend that:

  • passwords never expire
  • no required character complexity or variety rules be implemented
  • the maximum length for passwords be set to 64 characters
  • the minimum length for passwords be set to 8 characters
  • passwords are checked against known bad passwords, banned lists, etc.
  • no hints or knowledge-based questions be provided to someone trying to log in (like “Who was your best friend in high school?”)
  • passwords only are changed when forgotten

I would add two-factor authentication to that. Where possible, my online account passwords are sixteen characters or longer. I change them after notification of a data breach or in some cases, once a year. Where feasible, I have enabled two-factor or two-step authentication for my accounts. Even on my iMac at home, I have a 24 character password. I use a different password for each online account. I use a password vault application such as 1Password or LastPass to track my passwords. I protect the password vault with a sixteen character password that I don’t use anywhere else.

Read, Park, Benches, Leaves, Trees
  • Aperture—ƒ/7.1
  • Camera—NIKON D5100
  • Taken—5 November, 2013
  • Copyright—© 2013 Khürt Williams
  • Focal length—45mm
  • ISO—100
  • Shutter speed—1/80s

Can we really change the world..

We can pick something up and move it somewhere else. We can share a thought or idea with others. It is within the ability of every single one of us to say, write, or do something that changes the parameters of the world right now — or at least a small corner of it. However, I get the sense that many of us are hung up on the issue of scale. We are greedy. Some of us want to be all-star ‘change agents’ who apparently possess more power to incite change in the world relative to other people (or at least relative to the mean average of other people’s ability to change the world). We want more network influence, higher impact metrics, and broader systemic reach.

In short, we want power. We talk about changing the world to encase our thirst for power in a blanket of benevolent feel-good. But it still boils down to the exertion of our will into and over the experience of other human beings.James Shelly

I find generic advice of this sort completely useless. The problem for me isn’t what to do but “how” to do it.

First of all, to increase readership you would want to increase the number of pages each reader is seeing. You don’t want to be judged only on your last post, but rather on the whole of your work.Rach the writer

Artist Romon “Rostarr” Yang in a recent interview in Intelligence Magazine.

What I’ve learned is that everyone has their own path, if you try and replicate what someone else has been able to achieve and try and follow in their footsteps, you’re just dreaming of being them. It’s hard because there are so many ways to come up in any craft, sometimes people are just super lucky or very fortunate and they have someone who is looking out for them or they’re the son or daughter of someone rich or influential. My advice is to trust your own way, embrace all of your experiences, the highs and lows because every one of them is uniquely your own. Listen to your instincts and trust that there’s much to be learned in not knowing what’s going to happen. The beauty is in discovering it for yourself; that’s the game.Romon “Rostarr” Yang

John Saddington on starting a business.

A real startup has zero tolerance for drag, for anything that weighs it down, even if those things are good, honest people. This is hard medicine and if you can’t take it then you’re not cut out for it.

For a startup, after you’ve made the decision on the founders and founding team, it’s work before people, always.John Saddington

Would my spouse, kids and family agree to that contract? If push comes to shove, should family be collateral damage in the quest? If “work before people, always” is part of the initial DNA of the startup what sort of culture results from that? I prioritize spouse and kids over money and ambition. I don’t want to be Citizen Kane. There is no right or wrong, just consequences; wanted and unwanted.

Wonderfullly intimate portraits by Indian photographer Joshi Daniels, shot with a 28mm lens.

Since June 2017, I have been working on my new idea-the 28mm Portraits Project. For the past six years, I have primarily been using a short telephoto prime lens for my photography. I have, however, always wanted to get more close to my subjects and out of my comfort zone. Towards this end, I will be working with a 28mm wide angle lens, which is a focal length I have hardly used before.Joshi Daniels

Are you excited about securing your phone with facial recognition?

And now we’re entering the world of facial and iris based authentication. This is another model entirely. So now you don’t have to get a secret out of somebody’s head, and you don’t even have to get their physical body to touch something. All you have to do to unlock the device is to show it to their face.Daniel Miessler

Apple is releasing an update to iOS soon. Enhancements to Siri seems to be buzzing.

Amazon, with the Echo, is opening things for third-party developers making the device work with more services but also requiring users to learn the specific syntax needed to use those newly acquired skills. Apple, on the other hand, wants things to become more natural language-based where users don’t have to use a specific syntax to get work done.

For non-nerd users, natural language seems the only approach.MacSharky


Every Saturday, I share a list of inspiring or interesting articles that I read during the week. Here’s what I read this week.