Remediation

Password Policies

  • https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
  • https://www.cisecurity.org/insights/white-papers/cis-password-policy-guide
  • https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss
  • Expiration
  • Enforcing the Password Policy is important

  • AD - https://activedirectorypro.com/how-to-configure-a-domain-password-policy/
  • Check password strength - https://www.passwordmonster.com/
  • Generate passwords - https://1password.com/password-generator/

Password Managers

  • synchronization across devices
  • check the Bitwarden, 1Password and LastPass documentation

  • Online password managers derive their keys from the master password. The purpose is to provide zero-knowledge encryption, which means that no one except you (not even the service provider) can access your secured data.
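The key-derivation idea in the bullet above, as an added example that is not code from the page or from any of the products it links to. It is a simplified zero-knowledge design: the client stretches the master password with PBKDF2, splits the result into a vault-encryption key (never sent anywhere) and a separate login secret, and the server stores only a salted hash of that login secret plus the encrypted vault. The iteration counts, the HKDF-style label strings and the HMAC-based stream cipher are illustrative assumptions; a real product would use its own parameters and a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

# Illustrative parameters (assumptions, not any vendor's real values).
CLIENT_KDF_ITERATIONS = 200_000
SERVER_KDF_ITERATIONS = 100_000


def derive_master_key(master_password: str, salt: bytes) -> bytes:
    """Client side: stretch the master password with PBKDF2-HMAC-SHA256.
    The salt must be reproducible on every device, e.g. the account e-mail."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, CLIENT_KDF_ITERATIONS, dklen=32)


def hkdf_expand(prk: bytes, info: bytes) -> bytes:
    """Single-block RFC 5869 HKDF-Expand with HMAC-SHA256 (32 bytes out)."""
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def split_keys(master_key: bytes) -> Tuple[bytes, bytes]:
    """Two independent keys from one master key: enc_key stays on the client,
    auth_key is the only secret the client ever presents to the server."""
    return (hkdf_expand(master_key, b"vault-encryption"),
            hkdf_expand(master_key, b"server-authentication"))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream (stand-in for a real AEAD)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_vault(enc_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with separate sub-keys; output is nonce || ct || tag."""
    stream_key, mac_key = hkdf_expand(enc_key, b"stream"), hkdf_expand(enc_key, b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(stream_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_vault(enc_key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the key is wrong or the blob was tampered with."""
    stream_key, mac_key = hkdf_expand(enc_key, b"stream"), hkdf_expand(enc_key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(stream_key, nonce, len(ct))))


class ZeroKnowledgeServer:
    """Holds only a salted, stretched hash of auth_key plus the encrypted vault.
    Nothing stored here yields enc_key, so a database dump cannot decrypt vaults."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Tuple[bytes, bytes, bytes]] = {}

    def _stretch(self, auth_key: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", auth_key, salt, SERVER_KDF_ITERATIONS)

    def register(self, user: str, auth_key: bytes, vault_blob: bytes) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[user] = (salt, self._stretch(auth_key, salt), vault_blob)

    def fetch_vault(self, user: str, auth_key: bytes) -> Optional[bytes]:
        salt, stored, blob = self.accounts[user]
        if not hmac.compare_digest(self._stretch(auth_key, salt), stored):
            return None  # login rejected; server never learns the master password
        return blob


def roundtrip(master_password: str, login_password: str, email: str, secret: bytes) -> Optional[bytes]:
    """Register with master_password, then log in from a 'new device' with login_password."""
    server = ZeroKnowledgeServer()
    enc_key, auth_key = split_keys(derive_master_key(master_password, email.encode()))
    server.register(email, auth_key, encrypt_vault(enc_key, secret))
    enc2, auth2 = split_keys(derive_master_key(login_password, email.encode()))
    blob = server.fetch_vault(email, auth2)
    return None if blob is None else decrypt_vault(enc2, blob)


def server_can_decrypt(master_password: str, email: str, secret: bytes) -> bool:
    """Simulate an operator (or attacker with a DB dump) using the stored hash as a key."""
    server = ZeroKnowledgeServer()
    enc_key, auth_key = split_keys(derive_master_key(master_password, email.encode()))
    server.register(email, auth_key, encrypt_vault(enc_key, secret))
    _salt, stored_hash, blob = server.accounts[email]
    return decrypt_vault(stored_hash, blob) is not None


if __name__ == "__main__":
    # Constructed sample input.
    print(roundtrip("correct horse battery staple", "correct horse battery staple",
                    "alice@example.test", b"vault contents"))
```

The point to take from the split is that the server-side hash is derived from `auth_key`, which is itself a one-way derivation from the master key; neither the hash nor a network capture of `auth_key` gives the server the `enc_key` needed to open the vault, which is what "not even the service provider" means in practice.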

  • https://www.youtube.com/watch?v=w68BBPDAWr8 - how they work

  • https://blog.dashlane.com/password-storage-cloud-versus-local/ - cloud vs local

Passwordless

  1. Microsoft Passwordless
  2. Auth0 Passwordless
  3. Okta Passwordless
  4. PingIdentity