Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • Semi-Hemi-Lemmygod
    link
    English
    402 months ago

    One thing they should change is the word “password.” This implies that it’s a short string. Changing it to “passphrase” will help people feel comfortable choosing credentials like “correct horse battery staple.”

    • @Soggy
      link
      English
      52 months ago

      I recently set up a password with a 16 character max, alphanumeric only, no spaces. The service is in no way a security threat but still.

      • @[email protected]
        link
        fedilink
        English
        6
        edit-2
        2 months ago

        A couple years ago I ran into one with a 12 character limit…

        I never understood password limits, other than something sufficiently large like 256 to prevent DOS. It’s not like the password is actually being stored anywhere… right? RIGHT??