Hacker News
by Rygian 1371 days ago
My employer does it for products requiring PCI certification. Our PCI auditor recommends it even though it's not a formal requirement of PCI v3.
darkarmani 1371 days ago
That sounds like a terrible trade-off that makes people more likely to write down passwords on post-it notes or in a clear-text file to cut-n-paste. Especially if you lock accounts after 10 tries or so (or PCI's ridiculously low number of tries).