Submission: Ask Slashdot: Password standards?
eggegick writes: Is there some sort of official standard for password length and
complexity that we can ask organizations to use? Every site I visit
has its own idea of the minimum and maximum number of characters, the
number of digits, the number of upper/lowercase characters, the number
of punctuation characters allowed and even what punctuation characters
are allowed and which are not.
The limit of password size really torques me, as that suggests they
are storing the password (they need to limit storage size), rather
than its hash value (fixed size), which is a real security blunder.
Also, the stupid dots drive me bonkers, especially when there is no
"unhide" button. For crying out loud, nobody is looking over my
shoulder! Make the "unhide" default.
I know the NIST has recommendations, but they are fuzzy, not a simple
statement you can give to Grandma.