NIST proposes barring some of the most nonsensical password rules - eviltoast

Here is the text of the NIST SP 800-63B Digital Identity Guidelines.

  • toddestan@lemm.ee
    2 months ago

    My favorites are some of the work systems that I need to access, but only infrequently, yet still have ridiculous password expiration rules. Nearly every time I log in, before I can access the system I have to change my password because of course it’s expired again. So I change the password, write it down because I’ll never remember it months from now when I need to use that password exactly once to log in and change my password yet again.