NIST knows about super-fast password hash cracking rigs, too, as well as password managers. So, why does NIST not also recommend MFA and password managers? First, they do recommend using MFA and allow it to be used on all levels of systems. They do say in NIST SP 800-63 to avoid using MFA connected to phone numbers (e.g., SMS-based or voice-based MFA) for anything but the lowest level systems.
On the Northwestern, Captain Sig hits a hot string in bad seas, and the crew takes a chow break between strings. Matt informs Sig that the electrical breaker panel is "hot, hot" to the touch. Sig calls Edgar in to find the problem. With all the new electronics and hydraulics added in recent years, boat electrical systems like Northwestern's are past their design limits. Once again, Jake will have to use the manual ship's wheel to steer while Edgar works on the panel. Edgar trims the crusty part of a panel wire to reveal good wire, reattaches it to the panel, and successfully powers up the wheelhouse. Their next string is continuing good numbers when Sig gets a call from his wife, informing him she actually has given their daughter Mandy her permission to go crab fishing. Sig never expected his wife would ever do that. "Me and my big mouth, huh?" 2b1af7f3a8