take that PCI!

Oct 01, 2009 10:36

fuck PCI up the nose.

my bank started using the PCI standards of "change your password every 90 days" and "can't use any of the previous past 4 passwords"
(okay. making account holders change their accounts that often isn't in the spec, but that's still their idea of password security)

since i access it all of once a month, it took me a bit to figure ( Read more... )


Comments 3

tomstampy October 1 2009, 18:16:00 UTC
Agree. What matters far more than changing passwords is not using the same one for everything. But there's zero chance of getting most of the public to go to any sort of algorithmic-password system, so we pretend changing passwords makes them more secure. Because clearly we have to worry lots about thieves obtaining passwords and then sitting on them for 90 days.



kochj23 October 1 2009, 18:58:53 UTC
You should go through a PCI level 1 audit. They seriously blow.


halffast October 1 2009, 19:10:54 UTC
i can imagine.

i've dealt with other folks who have PCI requirements that they are trying to foist onto our SSO infrastructure, but, as Tom said, they should have different passwords for the stuff that needs higher protection like that


