|
|
|
|
|
|
by Xss3
372 days ago
|
|
|
Hot take, password requirements are a necessity to prevent id10t errors. Another hot take, calling them passwords instead of pass phrases was a mistake. People have no problem making a secure pass phrase like 'apophis is coming in 2029’. It uses special chars and numbers, but some websites would reject it for spaces and some for being too long. I say these are hot takes despite aligning with NIST because I've never seen a company align with them. |
|
|
It only makes sense in HTTP basicauth and other system that keep plaintext passwords.