Morning Reading Notes: Wednesday 2017-08-09

  • Microsoft dumps notorious Chinese secure certificate vendor | ZDNet - I'm just learning about TLS certificates at this stage for internal 2-way authentication purposes at work.  It's neat to see how much work goes into maintaining trust for Certificate Authority services.
  • The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time - the publisher of NIST Special Publication 800-63. Appendix A comes out against our usual password practices as ineffective.  I'm sure it'll take the rest of the world a while to stop following that bad advice.
    • Hope for the future: "...the latest set of NIST guidelines recommends that people create long passphrases rather than gobbledygook words like the ones Bill thought were secure."

And for those following the controversy at Google on Engineer Damore bringing into question diversity initiatives at Google: