-
Did cache drives get nerfed?
I've had my Unraid server running for a long time. I don't usually bother with it much so don't notice the changes. I'm pretty sure when I set it up that the cache drive backed things up to the main array automatically. Now it appears to move them meaning they are no longer on the cache drive. Was this a change that happened or am I dreaming it? What is now the best practice for things like appdata which ideally I would like on the NVME SSD for performance, but then available on the array for redundancy too? I only have, and can only fit a single NVME.
-
Unraid.net Account Upgrades
Yes, you're correct but as you also say this is only really for brute force which assumes you have lost your password DB. Most attacks are either phishing or spray attacks now using compromised passwords.
-
Unraid.net Account Upgrades
It is not controversial, it is wrong. You calculator is just that, a calculator that states how many combinations there are available. Unfortunately, by enforcing complexity you have just removed any password from the available pool that does not meet your complexity requirements and drastically reduced the amount of time needed. However, this is pretty moot now as brute force password cracking is only really available once the password DB has been obtained. Most online compromises are now performed by using password breach lists (Password spray attacks) so checking that passwords are not on a breach list is really important - you are not doing this. The password Mississippi1 complies to your complexity rules and can be set as a password but it exists in the top 100 most common passwords. Removing complexity makes passwords easier to remember and encouraging pass phrases makes passwords easier to remember and harder to crack. Users mostly do the same thing when they create a password with complexity, they add a number to the end, or a ! and the bad actors know this. https://auth0.com/blog/dont-pass-on-the-new-nist-password-guidelines/ What can you do to improve: Add federation to allow user of Google, Microsoft or Apple accounts to signin - one less password for a user to remember and these companies are very good at security. Enable passkeys - The next gen in internet security Add compromised password checking - use a service such as https://haveibeenpwned.com/API/v3#PwnedPasswords which will stop any compromised password being set and therefore drastically reducing the success of password spray attacks. Remove complexity to increase the available number of passwords and make them easier to remember. Side note, happy to sell you some consultancy on this
-
Unraid.net Account Upgrades
Why on earth are you implementing archaic complexity requirements? Do you not follow the best practices for Identity - password complexity DOES NOT improve security, in fact there is strong evidence to prove it weakens security. Please, please, please, follow best practices: Use a minimum password length of at least 12 and maximum at least 64 Drop complexity requirements Check passwords against a compromised password list (e.g. haveibeenpwned.com) Encourage the use of pass phrases. "robot banana gunmetal" is a lot more secure than "Pa$$w0rd1" which meets your complexity rules - https://haveibeenpwned.com/Passwords Don't just take my word for it though: https://letmegooglethat.com/?q=modern+password+requirements
JamieV
Members
-
Joined
-
Last visited