4 Jan 2024, 2:17 p.m.
On Thu, 4 Jan 2024 at 09:48, Randy Bush <randy@psg.com> wrote:
> e.g. perhaps 2fa and a password entropy test should be required of rov registrants

Gandi allows SADDR lock to manage the domain; I always thought that's pretty nice to reduce surface area. Considering if your domain is pwned, every account is pwned, as email is used for authentication ~always.

2FA is good, WebAuthn would be great. I don't think any solution that tries to address password quality is useful at all; people will find ways to deliver bad passwords in every policy, and it may be difficult to predict if policy increases or decreases the probability of a bad password.

SADDR, WebAuthn, 2FA, not PW policy.

--
++ytti