My tweets are my own. He/Him

Joined June 2014
Can I change my vote? Maya Rudolph for president.
Peter T. LaComb Jr. retweeted
Please share this far and wide. As far and wide as you can. NIST Password Guidelines for 2024 are in the process of being updated. This is a HUGE pet-peeve of mine (when vendors in particular are still operating like it's 2017 and keep changing passwords every 60 days, STOP DOING THIS, it's outdated and has been shown to put you MORE at risk than less -- NIST explains why it does in this document, meticulously outlining user behavior**) so I'm sharing this in the hopes all of you will pass it along to your bosses.

The Special Publication series governing passwords is SP 800-63 "Digital Identity Guidelines". The 2024 version is 800-63-4. Here: pages.nist.gov/800-63-4/ The companion docs are also on that link. They are 800-63A, 800-63B and 800-63C. These are different documents for different scenarios in play at your org.

The previous update was in 2020. The changes in the 2020 version from the 2017 version were numerous, but one of them was that the password verification method should NO LONGER require passwords be changed at specific intervals (i.e. every 60 days) but in the following circumstances instead:
1. After a breach/compromise
2. User request

2024 repeats this and adds a bunch more guidelines, but here is a screenshot of page 13 of the new 800-63-4 (note the # 4 after it) which outlines how your systems should now, and moving forward, be handling passwords. This goes for Active Directory, too. All your systems which have passwords should align with these guidelines, provided there isn't another standard or framework you must adhere to which overrules this. Most frameworks, however, have moved away from arbitrary password resets and complexity rules.

**We cybersec researchers and hackers use wordlists from breaches in a variety of different ways. Hackers use them in tooling to crack passwords, whereas researchers use breach dumps to see the kinds of passwords users are creating and the psychology behind them.
Using complexity rules gets you the user psychology of: Password1, Password2 and so on. Use phrasing instead and allow for spaces, which is important. Humans type phrases with spaces. They also mention phish-resistant methods, and most vendors are on-board with MS going to be turning off all Legacy Auth next month, across all free accounts and tenancies. I'm so excited for the new changes! Ok I'm off my soapbox. Share the love! Thank you!
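As an added illustration (not code from the post or from NIST's publication) of the verifier behaviour the post describes, here is a Python sketch contrasting a 2017-style composition rule with an 800-63B-style check: no complexity rules, spaces allowed, a breach-derived blocklist, and rotation only after compromise or on user request. The blocklist, the length thresholds (8 minimum, 64 accepted) and the trailing-digit heuristic are constructed assumptions for the example.

```python
import re
import unicodedata

# Constructed sample blocklist standing in for a breach-derived wordlist
# (the kind of corpus the post says researchers and attackers both use).
BREACHED = {"password", "password1", "123456", "qwerty", "letmein", "welcome1"}

MIN_LEN, MAX_LEN = 8, 64  # assumed 800-63B-style bounds: at least 8, accept up to 64


def nist_check(secret: str) -> list:
    """Reasons a candidate is rejected under 800-63B-style rules (empty list = accepted).

    No composition rules; spaces and Unicode are allowed; candidates are screened
    against a blocklist instead of being forced through upper/lower/digit rules.
    """
    s = unicodedata.normalize("NFKC", secret)  # equivalent Unicode forms compare equal
    reasons = []
    if len(s) < MIN_LEN:
        reasons.append("shorter than %d characters" % MIN_LEN)
    if len(s) > MAX_LEN:
        reasons.append("longer than %d characters" % MAX_LEN)
    # Heuristic (assumption): strip the trailing "1"/"2"/"!" that users append to a
    # blocked word, so "Password2" is caught by the "password" blocklist entry.
    base = re.sub(r"[\d!@#$%^&*.]+$", "", s.lower())
    if s.lower() in BREACHED or base in BREACHED:
        reasons.append("appears in breach-derived blocklist")
    return reasons


def legacy_complexity_check(secret: str) -> bool:
    """The composition rule the post argues against: upper + lower + digit, 8+ chars.

    Returns True when the rule is satisfied. Note that it accepts "Password1" and
    rejects a spaced passphrase, which is the behaviour the post criticises.
    """
    return (len(secret) >= 8
            and any(c.isupper() for c in secret)
            and any(c.islower() for c in secret)
            and any(c.isdigit() for c in secret))


def rotation_required(compromised: bool, user_requested: bool) -> bool:
    """Rotation is driven by evidence of compromise or a user request, never by a calendar."""
    return compromised or user_requested
```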
Peter T. LaComb Jr. retweeted
In anticipation of the Osceola County School Board's vote on a school chaplain policy this evening, The Satanic Temple has sent a letter outlining what this could mean for the community. Stay tuned for more!
Peter T. LaComb Jr. retweeted
There is absolutely no place for political violence in our democracy. Although we don’t yet know exactly what happened, we should all be relieved that former President Trump wasn’t seriously hurt, and use this moment to recommit ourselves to civility and respect in our politics. Michelle and I are wishing him a quick recovery.
I swear - Someone needs to take some UX lessons @Windows - Rearranging the BlueTooth device list for each new device detected (rather than appending to the list) causes people to click on the wrong device. Once a device is detected it should STAY PUT.
Hey @Microsoft - What the hell is wrong with your store that I can't GIVE YOU MONEY for a copy of Minecraft for my kid? We’re having trouble processing your payment and we’d like to get it sorted out. Get more info prfahO6F7Ugu5cxvVRF7Sj.0.5 Wed, 20 Mar 2024 13:54:25 GMT
Peter T. LaComb Jr. retweeted
I don't think folks are aware how many engineering managers decide the job isn't for them and go back to being an IC (independent contributor). Not everyone enjoys the role and it's TOTALLY okay to recognize that and transition back to engineering.
Tibbles are brown because they evolved from cardboard boxes.
NPM is, as always, fucking broken. Package-lock was supposed to ensure that you’d get the same versions, instead I get broken ones.
I've interacted with a handful of banks recently. Dealing with credential rotation (SSH Keys, PGP Keys, Password changes). Highest scoring so far? @jpmorgan / @Chase - 9/10. Nobody else scores close so far.
Teams is an asynchronous communications channel. Please just ask your question. Saying "Hello" and then nothing - doesn't help me help you.
Nothing quite so annoying as a UI that Moves while you interact with it. @Windows 11 Bluetooth menu, I'm looking at you.
What I wouldn't give for a tool that would actually show me *everything* in my AD Domain that a group actually grants access to.
I cannot tell you how much I have come to love Quick Assist in Windows (support.microsoft.com/en-us/…) Back in the day I would use Fog Creek's CoPilot, but having this baked into Windows is just the best when you are Family Tech Support.
What the fuck @Azure - Why the hell you gotta use Alert in your JS on the Portal and make my browser bitch about the site showing alerts when my session times out?
When you're asking developers to build you something, you can't just list your requirements. You need to list your assumptions. Otherwise they will make different ones and not tell you or ask you about them until it is entirely too late.
Sometimes I swear I have some kind of aphasia because people just don't understand what I'm asking them to do.
I'm not saying React is evil, but look at those likes - @moshhamedani
If you think you have some god-given right to land? You don't.
Classic Problem for Software Engineering Teams: Business: We need this built now! Dev: Ok, but you haven't defined what _this_ is Business: I don't care, get started!