Here's the full excerpt from the authentication & lifecycle management doc (CSP is "Credential Service Provider"): Of particular interest to me was the section advising organisations to block subscribers from using passwords that have previously appeared in a data breach. In that post, I talked about NIST's Digital Identity Guidelines which were recently released. Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which require authentication to move into the modern era of how we think about protecting accounts. More on why later on.Įdit 2: The API model described below has subsequently been discontinued in favour of the k-anonymity model launched with V2. Edit 1: The following day, I loaded another set of passwords which has brought this up to 320M.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |