|
|
|
|
|
|
by bqe
2615 days ago
|
|
|
NIST 800-63b actually recommends against character class requirements[1] in favor of minimum length requirement and blacklists of breached passwords and other obvious passwords. Sites that require special characters are not following the current best practice. [1]: https://pages.nist.gov/800-63-3/sp800-63b.html |
|
|