#passwordpolicy

LDAP Tool Box Project ltb_project@floss.social
2024-12-31

✨ LTB Service Desk 0.6.1 released!

📰 Some fixes needed after 0.6 release, mostly for AD compatibility and Docker images

🔗 projects.ow2.org/view/ldaptool

#LDAP #OpenLDAP #ActiveDirectory #Password #Security #PasswordPolicy

Screenshot of Service Desk 0.6
Rene Robichaud nerowild
2024-12-04
2024-07-22

Must not contain the characters <, > or spaces.
account.docusign.com

Do I get it correctly, that you disallow < and > symbols because you display plaintext passwords on HTML pages/other XML documents without proper encoding?

Do you use plaintext passwords for filenames (surely <, > and spaces are bad options for filenames)?

What could be the reasons to prohibit these symbols?

@docusign
@dumbpasswordrules
@duffn
#passwordpolicy

docusign
Finish signing up with a password
Password
Must be at least 6 characters long.
Must not contain the characters <, > or spaces.
2024-07-09

Ok found a blog post explaining it, from my reading it's equally good (or bad) as the Apple one.

So I'm going to put in the #passwordpolicy that synced passkeys are OK.

But I'd love for someone with real experience extracting/stealing these to tell me why I'm wrong about this and why it'll get us hacked.

d0rk ✅ drwetter
2024-01-29

oh, well, even you

2023-12-05

Passwords generated by pass shall not pass.
MyAnimeList

  • Password must be between 6 - 50 characters long and contain at least two of the following: uppercase, lowercase, numbers and symbols.
  • Password may only contain letters, numbers and the following symbols: ! "#$%&'()*+,-./:;<=>?@[]_{|}~.

@MyAnimeList #passwordistoostrong #passwordpolicy @duffn

Kyle Rankin kyle@kylerank.in
2023-07-24

Online accounts forcing you to rotate passwords periodically is bad enough, but even worse is when you use a password manager, and they reject the first password you generate because it fails some arbitrary complexity requirements (with no warning before submission).

So now it wants my "old" password, but of course in my password manager that's been replaced with this new one, so I get to go through the password reset workflow instead...

#passwords #PasswordPolicy

2023-04-30

Do password meters discourage users from using complex passwords? Should password meters take into account the likelihood of a password being guessed by an attacker? Should I use a blacklist of commonly used passwords to prevent users from using weak passwords?

Get answers: jbspeakr.cc/password-strength-

#passwords #passwordpolicy #credentialstuffing

Troed Sångberg troed@ioc.exchange
2023-02-06

Let's discuss in small groups - TP-Link's "Business Solution" TL-SG switches password policy.

No, no - not recommended. You're unable to set passwords longer than 16 characters, and the only special character besides the _English_ alphabet and numbers is ... underscore.

Let's list all the reasons we can think of. I'll start:

*) what's a hash?
*) [...] government told us to

#TPLink #PasswordPolicy #backdoor #crackable #infosec

TP-Link "Business Solution" switches, TL-SG series, enforces password policy 6-16 characters using _only_ English letters, digits and underlines.
Joseph Scott josephscott
2023-01-03

Please do not do this with your

OPSEC Cybersecurity News LiveOpsecNews@aspiechattr.me
2022-12-23

Password restrictions limit Diceware word list - (when) can this get bad enough one should choose another strategy?

security.stackexchange.com/que

#passwordpolicy #passwords

Geekmaster 👽 :system76: Geekmaster@ioc.exchange
2022-12-03

@Xavier oh, I see what you mean. This isn't against our #website, it's logins against #MicrosoftExchangeOnline via an #API trying to #hack into accounts. They're not even using great #passwords to spray with lol. We have #MFA enforced across the #enterprise, #PasswordPolicy is well designed, and #governance in play. I could put additional controls in place, sure, but we don't have a requirement to do so, and we feel satisfied about where we're at - good blending of security and usability.

Sebastian "spaetz" Spaeth spaetz@mas.to
2022-09-22

Sorry for keeping going on but the webform finds this password: zZ?S*C>O?7dgY7 "Weak".
It also finds this one 8B2AI6 "Fair".

What have those webdevs smoked? #passwordpolicy

2020-04-13

The allowed characters for logins are defined differently everywhere; why can't all the characters on a keyboard be defined as valid characters for setting a password? I don't see what the problem is. It can't be that in the year 2020 we still have restrictions like this.
#Passwort #passwordpolicy
