Old 25 Jun 2017, 10:28 PM   #1
janusz
you shouldn’t be forced to use special characters in your passwords

From the Quartz Media magazine:

Quote:
The standards organization of the United States, NIST, has concluded that many common requirements for passwords, like forcing you to use special characters, are misguided.

Instead, NIST recommends the use of lengthy passwords, and instructs administrators to allow passwords to run at least 64 characters long. It also says people should only be forced to change their passwords if there is evidence of tampering, rather than at an arbitrary interval.

[T]he guidelines say that administrators should take actions that make accounts more secure than special characters ever could—for instance, preventing the use of common passwords and those that have been previously exposed in breaches, and creating a waiting period between incorrect login attempts.
Link to the NIST guidelines (only four volumes, enjoy....)
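The three measures named in the quoted passage (long passwords accepted without character-class rules, a blocklist of common or breached passwords, and a waiting period after failed logins), sketched as an added example that is not part of the original post or of the NIST text. The minimum length, the 256-character cap, the blocklist entries and the doubling delay are assumptions chosen for illustration.

```python
import unicodedata

MIN_LENGTH = 8        # assumption: the quoted text gives no minimum
MAX_ACCEPTED = 256    # assumption: any cap must be >= 64, per the quoted text
# Constructed sample blocklist; a real one is loaded from a breach corpus.
BLOCKLIST = {"password", "123456789", "qwertyuiop", "letmein123"}


def check_new_password(candidate, blocklist=BLOCKLIST):
    """Return (accepted, reason). Deliberately has no character-class rules."""
    pw = unicodedata.normalize("NFKC", candidate)
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    if len(pw) > MAX_ACCEPTED:
        return False, "too long"
    if pw.casefold() in blocklist:
        return False, "common or breached"
    return True, "ok"


class LoginThrottle:
    """Waiting period that doubles after each consecutive failed login."""

    def __init__(self, base_delay=1.0, max_delay=300.0):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._failures = {}  # account -> (consecutive failures, last failure time)

    def wait_remaining(self, account, now):
        """Seconds the caller must still wait before the next attempt."""
        count, last = self._failures.get(account, (0, 0.0))
        if count == 0:
            return 0.0
        delay = min(self.base_delay * 2 ** (count - 1), self.max_delay)
        return max(0.0, last + delay - now)

    def record(self, account, success, now):
        """Reset the counter on success, extend the wait on failure."""
        if success:
            self._failures.pop(account, None)
        else:
            count, _ = self._failures.get(account, (0, 0.0))
            self._failures[account] = (count + 1, now)
```

The `now` argument is passed in so the logic can be exercised deterministically; a login handler would supply `time.monotonic()` and refuse to evaluate the password while `wait_remaining` is above zero.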