Password Policy and Account Lockout Policy for KeyStorage from Mountie Lee on 2013-01-14 (public-webcrypto@w3.org from January 2013)

From: Mountie Lee <mountie.lee@mw2.or.kr>
Date: Mon, 14 Jan 2013 19:51:59 +0900
To: Web Cryptography Working Group <public-webcrypto@w3.org>
Message-ID: <CAE-+aYKzXNWCaAA310CT2VkF1Ea9ek26Dz4v2xk9Jf40hq=MVQ@mail.gmail.com>

Hi
I have a question.

when I discuss with internal Korean Members
I found the requirement for password and account lockout policies for
keyStorage.

Password and Account Lockout policies are normally covers followings
- password complexity
- password duration
- allowed attempts
- lockout duration
- prevent to use already used passwords
- timeout
- ...

I'm not sure it is belong the scope of our working group
but when we considering the security compliances, it is required feature
(binary plugins were implementing it)

any comments?


-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Monday, 14 January 2013 10:52:47 UTC