NIST proposes barring some of the most nonsensical password rules - eviltoast

Here is the text of the NIST sp800-63b Digital Identity Guidelines.

    • WhatAmLemmy@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 months ago

      I would always just create 1 password and append a number and it’s special char, cycling from 1 to 0; like 1!, 2@, 3#. Never stayed at a place long enough to go higher than 7 or 8.

      I never gave a fuck about doing this because it’s the companies fault for applying stupid policies. Whenever I’ve been allowed a password manager, they got real security instead of malicious compliance.

    • Eril@feddit.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      2 months ago

      I feel like it’s not a big impact on security if I use 2fa anyway. (Base password)(month)(year) is fine for me 😅