by jessaustin 3042 days ago
Why are you calling this a "credential validating service" rather than a "password validating service"? Credentials don't have to be passwords; instead they could be tokens or signed data. Passwords are the worst credentials, and they should only be considered when nothing else would work. The form of validation you propose is not exhaustive either. "a" repeated 57 times might not be on any of the lists, but it's still a bad passphrase.