I'm tired of web sites inflicting known-bad rules on passwords.
-
I'm tired of web sites inflicting known-bad rules on passwords. Like what characters are required, or minimum length.
https://pages.nist.gov/800-63-4/sp800-63b/passwords/
https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html
https://tuta.com/blog/minimum-password-length
TL;DR: don't require specific classes of characters, require at least 15 characters.
I'd go for a minimum length of at least 16, myself. Brute force guessing is a thing and is dealt with by using longer passwords.
Any web site that doesn't follow these is just security incompetent.
-
@liw or even worse, when public sector regulations enforce obsolete and harmful rules, and even when the people running the services know what they should do, they are forced to do the wrong thing.