Dumb Password RulesAug 19, 2023

This dumb password rule is from Nevada DMV.

- Password length must be exactly 8 characters in length
- Password must contain at least one letter (any position)
- Password must contain at least one number (any position)
- Password must contain one of the following special characters: @ # $
- Password is not case sensitive

https://dumbpasswordrules.com/sites/nevada-dmv/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Nevada DMV - Dumb Password Rules

- Password length must be exactly 8 characters in length - Password must contain at least one letter (any position) - Password must contain at least one number (any position) - Password must contain one of the following special characters: @ # $ - Password is not case sensitive

Show threadJordan (Damn Good Tech)Aug 19, 2023
@dumbpasswordrules In a cybersecurity class in college I made the case that complex password rules can make passwords *less* safe because it essentially whittles down variations and allows a more defined "schema" attackers can use for brute force password attacks.
Show threadF13
@damngoodtech @dumbpasswordrules Plus, it's the "worst case" password that attackers are targeting, so improving that at the expense of other passwords is still a valid tradeoff, even if it made the average case worse too.
Aug 20, 2023 at 2:55pmTusky