W3C home > Mailing lists > Public > public-webcrypto@w3.org > January 2013

Password Policy and Account Lockout Policy for KeyStorage

From: Mountie Lee <mountie.lee@mw2.or.kr>
Date: Mon, 14 Jan 2013 19:51:59 +0900
Message-ID: <CAE-+aYKzXNWCaAA310CT2VkF1Ea9ek26Dz4v2xk9Jf40hq=MVQ@mail.gmail.com>
To: Web Cryptography Working Group <public-webcrypto@w3.org>
Hi
I have a question.

when I discuss with internal Korean Members
I found the requirement for password and account lockout policies for
keyStorage.

Password and Account Lockout policies are normally covers followings
- password complexity
- password duration
- allowed attempts
- lockout duration
- prevent to use already used passwords
- timeout
- ...

I'm not sure it is belong the scope of our working group
but when we considering the security compliances, it is required feature
(binary plugins were implementing it)

any comments?


-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World
Received on Monday, 14 January 2013 10:52:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:15 UTC