NIST proposes barring some of the most nonsensical password rules - eviltoast

Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • Sneezydinosaur@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 months ago

    I had a simulator for school truncate after like 13 characters. And nowhere on their page did it specify a character limit. Would still accept an input of like 64 characters though. Got locked out of that account many times.

    • Hazor@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 months ago

      I’ve run into similar: on the account creation page there was no character limit on the input box nor stated in the password requirements, but on the login page the password input box was limited to 14 characters. So you could successfully create an account with a long password, you just couldn’t log in because it wouldn’t let you enter the whole password.