* Posts by cmcdev

2 posts • joined 12 Mar 2017

Do we need Windows patch legislation?


Blame custom application vendors that the NHS and other companies use. They unnecessarily tie applications to specific OS releases and refuse to support them on newer OSes. These vendors pretty much hold companies to ransom as consultantcy fees and migration fees are so high

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows


Passwords are not the issue

Password complexity is not the issue (to a certain point), the systems controlling them are. Rate limiting attempts, max tries per minute, hour day, pattern detection (such as logging the failures IP/MAC to multiple UIDs) and 2FA massively reduce brute force. Don't get my wrong blocking most used passwords is also required.

Biting the hand that feeds IT © 1998–2019