Password

Josh and Kurt talk about new NIST password guidance. There’s some really good stuff in this new document. Ideas like usability and equity show up (which is amazing). There’s more strict guidance against rotating passwords and complex passwords. This new guidance gives us a lot to look forward to. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_461_The_new_NIST_password_guidance.mp3 Show Notes Usagi Electric NIST proposes barring some of the most nonsensical password rules NIST SP 800-63(B) STRIDE threat model PASTA threat model

Josh and Kurt talk about the Coinbase Super Bowl ad. It was a QR code, lots of security people were aghast at how many people scanned the QR code. The reality is scanning QR codes isn’t dangerous. What other security advice just won’t go away? https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_311_Did_you_scan_the_QR_code.mp3 Show Notes Coinbase Ad Kurt’s Twitter question QR code parking scam Mossad or not Mossad Kurt’s talk