Comment on My password is not accepted because it is too long
Kushan@lemmy.world 1 week agoYou have described all of the guidelines that NIST, Microsoft, GCHQ and a few other institutions now recommend for password security.
And yet I still have to have this argument with so-called security engineers and my favourite, compliance officers.
Buffalox@lemmy.world 1 week ago
Because they are morons that don’t understand entropy.
Requiring at least 1 number increases entropy less than simply allowing the use of numbers, and then recommending it.
But most password queries are lousy at describing what’s allowed when creating it, and they generally don’t describe it at all when you enter it for access.
The second part can be crucial for remembering exactly how the password was created, because what is now required, used to often not even be possible to use!