NIST proposes barring some of the most nonsensical password rules - eviltoast

Here is the text of the NIST SP 800-63B Digital Identity Guidelines.

  • Classy@sh.itjust.works · 21 upvotes · 2 months ago

    The app my work uses to show 401k, pay, request leave, etc. details, uses a ridiculous webapp that’s very slow, and on top of this, they nag you literally every 4 months to update your password. I used to be a good boy and memorize a new password each time. Now I just add a new letter into BitWarden and it’s my new password. Apparently this is more secure??

    • chiliedogg@lemmy.world · 5 upvotes · 2 months ago

      I just add 1 to the number at the end of my password every time they force a change.

      I’m on 18 right now.

    • toddestan@lemm.ee · 4 upvotes · 2 months ago

      My favorite are some of the work systems that I need to access, but only infrequently, yet still have ridiculous password expiration rules. Nearly every time I log in, before I can access the system I have to change my password because of course it’s expired again. So I change the password, write it down because I’ll never remember it months from now when I need to use that password exactly once to log in and change my password yet again.