Amicitas@lemmy.world to

Technology@lemmy.worldEnglish · 1 day ago

NIST proposes barring some of the most nonsensical password rules

arstechnica.com

1

NIST proposes barring some of the most nonsensical password rules

arstechnica.com

Amicitas@lemmy.world to

Technology@lemmy.worldEnglish · 1 day ago

Proposed guidelines aim to inject badly needed common sense into password hygiene.

Here is the text of the NIST sp800-63b Digital Identity Guidelines.

Chat

frezik@midwest.social
link
fedilink
English
arrow-up
0·
20 hours ago
Some kind of upper bound is usually sensible. You can open a potential DoS vector by accepting anything. The 72 byte bcrypt/scrypt limit is generally sensible, but going for 255 would be fine. There’s very little security to be gained at those lengths.

Technology@lemmy.world

technology@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

587 users / day
2.28K users / week
5.48K users / month
10.9K users / 6 months
0 local subscribers
58.3K subscribers
4.13K Posts
104K Comments
Modlog