• 0 Posts
  • 19 Comments
Joined 2 years ago
Cake day: June 12th, 2023




  • It sets both the technical requirements and recommended best practices for determining the validity of methods used to authenticate digital identities online. Organizations that interact with the federal government online are required to be in compliance

    My argument is that if this document (and others) are requirements for companies, shouldn’t there also be a more approachable document for people to use?

    Sure, have the jargon-filled document that those in the know can access, but without an additional not so jargon-y document you’ve just added a barrier to change. Maybe just an abstract of the rule changes on the front page without the jargon?

    I don’t know, maybe it’s not a big deal to compliance officers, but it just seems to me (someone that isn’t a compliance officer) that obfuscating the required changes behind jargon and acronyms is going to slow adoption of the changes.




  • True. But the people advocating for these laws don’t want to deal with nuance and compromise on what it would take to have a society where you educate people on sex in a healthy and positive way. These prohibitionists see the world as either bad or good - nothing in between. Good (however they decide to define it) must win, no compromises, and the weapon that they use is unfounded fear of the bad, and it works.

    And the reason fear works is because it is easy and visceral and reality’s complexity doesn’t work for media’s need for sound bites.










  • One problem is that a great deal of correct security advice contradicts “common knowledge” security practices. Password character classes – “must include capitals, lowercase, numbers, and symbols” – are a standard example. That idea got rooted in security requirements for banks and such, and it was a bad idea even then.

    I don’t know a lot about computer security - but must include capitals, lowercase, numbers, etc. seems like a good idea, why is it not?