this post was submitted on 22 Nov 2024
15 points (100.0% liked)

Pulse of Truth

519 readers
48 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago
MODERATORS
 

Comments

top 4 comments
sorted by: hot top controversial new old
[–] graycube 6 points 4 weeks ago (1 children)

Interesting little history piece, but I did not see any evidence that password complexity rules don't help which i think was supposed to be the point of the article.

[–] [email protected] 1 points 3 weeks ago

The article leads with the US Government changing their recommendations on password policies, so the assumption is that they've done the homework. Still, yeah, I'd have been interested to see the details.

[–] Eheran 3 points 4 weeks ago

They got it wrong because they never understood how these passwords existed to begin with.

[–] [email protected] 1 points 3 weeks ago

So, how long until these US Government recommendations actually get implemented by the US Government?

The password requirements thst I constantly have to work around at work, for our Oracle server, are as follows:

  • Must change every 3 months
  • Cannot have X number of characters the same, compared to the previous password
  • Max length of 30 characters (god, but this always infuriates me)
  • At least 2 lowercase letters
  • At least 2 uppercase letters
  • At least 2 numbers
  • At least 2 symbol characters (but with a whole bunch of them, like @, considered invalid)
  • Cannot have the same character twice in a row (what possible purpose does this serve?!)

There's probably others I can't even remember, or haven't encountered.