by pdw
671 days ago
There are the NIST guidelines on "memorized secrets" (passwords): https://pages.nist.gov/800-63-3/sp800-63b.html#5-authenticat...

> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).

It has much to say on all kinds of other password nonsense:

> Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length. All printing ASCII [RFC 20] characters as well as the space character SHOULD be acceptable in memorized secrets. Unicode [ISO/ISC 10646] characters SHOULD be accepted as well.

> Truncation of the secret SHALL NOT be performed.

> Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret.

> In order to assist the claimant in successfully entering a memorized secret, the verifier SHOULD offer an option to display the secret — rather than a series of dots or asterisks — until it is entered.