downtown_'s comments

downtown_ · 2025-09-24T07:02:26 1758697346

This is not related to password hashing.,.

downtown_ · on Dec 15, 2020

You are allowed to use the NIST Guidance as a reason to change that to a longer timeframe. I have a couple of clients that are using 365days as of 2019.

downtown_ · on Dec 15, 2020

You are allowed to use the NIST Guidance as a reason to change that to a longer timeframe. I have a couple of clients that are using 365days as of 2019.

downtown_ · on Aug 23, 2019

https://github.com/usdAG/cstc this implements This as a burp plugin. A few Colleagues developed this and released it two weeks ago at defcon

downtown_ · on June 2, 2019

No. You can use NIST guidance and are not required to change your password every 90 days

downtown_ · on July 26, 2018

No. You are free to reference nist and use a compensating control for that. No more pw changes :) Source: QSA

monocasa · on July 26, 2018

I guess I was under the impression that compensating controls don't really let you question the efficacy of the point of the original requirement, but instead "we're meeting the requirement in this other way"?