Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • Semi-Hemi-Lemmygod@lemmy.world
    link
    fedilink
    English
    arrow-up
    40
    ·
    2 months ago

    One thing they should change is the word “password.” This implies that it’s a short string. Changing it to “passphrase” will help people feel comfortable choosing credentials like “correct horse battery staple.”

    • Soggy@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 months ago

      I recently set up a password with a 16 character max, alphanumeric only, no spaces. The service is in no way a security threat but still.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        2 months ago

        A couple years ago I ran into one with a 12 character limit…

        I never understood password limits, other than something sufficiently large like 256 to prevent DOS. It’s not like the password is actually being stored anywhere… right? RIGHT??