Pulse of Truth

519 readers

48 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago

MODERATORS

[email protected]

How some of the world's most brilliant computer scientists got password policies so wrong (stuartschechter.org)

submitted 4 weeks ago by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

Comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 3 weeks ago

So, how long until these US Government recommendations actually get implemented by the US Government?

The password requirements thst I constantly have to work around at work, for our Oracle server, are as follows:

Must change every 3 months
Cannot have X number of characters the same, compared to the previous password
Max length of 30 characters (god, but this always infuriates me)
At least 2 lowercase letters
At least 2 uppercase letters
At least 2 numbers
At least 2 symbol characters (but with a whole bunch of them, like @, considered invalid)
Cannot have the same character twice in a row (what possible purpose does this serve?!)

There's probably others I can't even remember, or haven't encountered.