We’ve all been there.

  • Tyler_Zoro@ttrpg.networkEnglish
    2·
    2 years ago

    Fun fact: password controls like this have been obsolete since 2020. Standards that guide password management now focus on password length and external security features (like 2FA and robust password encryption for storage) rather than on individual characters in passwords.

      • Proweruser@feddit.deEnglish
        01·
        2 years ago

        Except you can run a dictionary attack on that and suddenly it’s only 4 variables that are cracked way faster than the first password.

      • Proweruser@feddit.deEnglish
        01·
        2 years ago

        Except you can run a dictionary attack on that and suddenly it’s only 4 variables that are cracked way faster than the first password.

    • cley_faye@lemmy.worldEnglish
      1·
      2 years ago

      People should be made aware of all the tools available to properly manage tons of passwords. Not even going too deep into “passkey” stuff or any modern shenanigans, but a password manager used to generate random passwords for each separate sites is such a simple step.

    • fubo@lemmy.worldEnglish
      1·
      2 years ago

      Since 2017 at least; and IIRC years before that; that’s just the earliest NIST publication on the subject I could find with a trivial Web search.

      https://pages.nist.gov/800-63-3/sp800-63b.html

      Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

      “Memorized secrets” means classic passwords, i.e. a one-factor authentication through a shared secret presumed to be known to only the right person.