|
|
|
|
|
|
by guerby
637 days ago
|
|
|
Before the change : https://pages.nist.gov/800-63-3/sp800-63b.html "Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. " After the change: https://pages.nist.gov/800-63-4/sp800-63b.html "Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords." So advice to requirement for this part, which is great! |
|
|