Lukasz OlejnikSep 24, 2024
GREAT change is approaching. NIST will standardise prohibition of requirement of composing passwords from various character styles, and requirement for periodic password changes. These are harmful and obsolete rules. Now they will be treated as a cybersecurity weakness https://pages.nist.gov/800-63-4/sp800-63b.html
NIST Special Publication 800-63B

NIST Special Publication 800-63B

Show threadTachibana Kanade
@LukaszOlejnik @TheShillito A broad interpretation of that would seem to preclude blocking single dictionary words and passwords found in data breaches. Is it the intention that dictionary attacks should be blocked via other mechanisms?
Sep 25, 2024 at 10:53amIvory for iOS
Show threadMagnus AhltorpOct 1, 2024
@h0m54r @LukaszOlejnik @TheShillito I don’t see any prohibition on testing for non-algorithmic subsets, i.e. wordlist good, characterset bad.