undefined | Better HN

0 pointsdriverdan6y ago0 comments

Why would you need to disable autocomplete passwords for PCI compliance?

0 comments

Because either the PCI standard says so, or the PCI consultant says so.

PCI compliance is about checking boxes, not weighing the options and making good choices.

Exactly this. Some of the checks _are_ valuable. We found a couple of real issues and made good security improvements. But we also ticked off more than a few boxes that made no damn real sense.

j / k navigate · click thread line to collapse

0 comments

toast06y ago

Because either the PCI standard says so, or the PCI consultant says so.

PCI compliance is about checking boxes, not weighing the options and making good choices.

cdubzzz6y ago

Exactly this. Some of the checks _are_ valuable. We found a couple of real issues and made good security improvements. But we also ticked off more than a few boxes that made no damn real sense.

j / k navigate · click thread line to collapse