Skip Navigation

Technology @lemmy.world Amicitas @lemmy.world 3 mo. ago

NIST proposes barring some of the most nonsensical password rules

arstechnica.com NIST proposes barring some of the most nonsensical password rules

Proposed guidelines aim to inject badly needed common sense into password hygiene.

NIST proposes barring some of the most nonsensical password rules

Here is the text of the NIST sp800-63b Digital Identity Guidelines.

Cybersecurity @sh.itjust.works Admiral Patrick @dubvee.org 3 mo. ago

arstechnica.com /security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/

Cybersecurity @sh.itjust.works Nemeski @lemm.ee 3 mo. ago

NIST proposes barring some of the most nonsensical password rules

arstechnica.com /security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/

You're viewing a single thread.

179 comments

One thing they should change is the word "password." This implies that it's a short string. Changing it to "passphrase" will help people feel comfortable choosing credentials like "correct horse battery staple."
- I recently set up a password with a 16 character max, alphanumeric only, no spaces. The service is in no way a security threat but still.
  
  A couple years ago I ran into one with a 12 character limit...
  
  I never understood password limits, other than something sufficiently large like 256 to prevent DOS. It's not like the password is actually being stored anywhere... right? RIGHT??

You've viewed 179 comments.