Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • naticus
    link
    English
    442 months ago

    Very common for pass phrases, and not dissuaded. Pass phrases are good for people to remember without using poor storage practices (post it notes, txt file, etc) and are strong enough to keep secure against brute force attacks or just guessing based off knowledge of the user.

    • @grue
      link
      English
      102 months ago

      On one hand, that’s true. On the other hand, a person should only need exactly one passphrase, which is the one used to unlock their password manager. Every other password should be randomly-generated and would only contain space characters by chance.

      • naticus
        link
        English
        192 months ago

        That’s great in theory, but you’ll have passwords for logging into OSes too which password managers do not help with and you better have it memorized or you’re going to have a bad time.