NIST proposes barring some of the most nonsensical password rules

https://lemmy.world/post/20190319


Here is the text of the NIST sp800-63b [https://pages.nist.gov/800-63-4/sp800-63b.html] Digital Identity Guidelines.

Any password length (within reason) and any character should be allowed. It’s going to be hashed and only the hash will be stored, right? Length and character limits make me suspect it’s being stored in plain text.
Then you’re vulnerable to simple brute force attacks, which, if paired with a dumped hash table, can severely cut the time it takes to solve the hash and reveal all passwords.
By any length I meant no maximum length. Obviously you don’t want to use a super short password.
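
An added example, not code from the thread or from NIST, illustrating the point made in the comments above: a salted password hash has a fixed size whatever the input's length or character set, so the only limits a verifier needs are a minimum length and a generous cap that bounds hashing cost. The limits, the scrypt parameters and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed values for this example; none of them come from the thread.
MIN_CHARS = 8            # rejects "A" and the empty string
MAX_BYTES = 4096         # "within reason": bounds hashing cost, not a storage limit
SALT_LEN, HASH_LEN = 16, 32
SCRYPT = dict(n=2**14, r=8, p=1, dklen=HASH_LEN)


def _prepare(password: str) -> bytes:
    """Normalize Unicode and enforce the only two limits the verifier needs."""
    text = unicodedata.normalize("NFKC", password)
    data = text.encode("utf-8")
    if len(text) < MIN_CHARS or len(data) > MAX_BYTES:
        raise ValueError("password length out of range")
    return data


def hash_password(password: str) -> bytes:
    """Return salt || scrypt digest; always SALT_LEN + HASH_LEN bytes."""
    salt = os.urandom(SALT_LEN)
    return salt + hashlib.scrypt(_prepare(password), salt=salt, **SCRYPT)


def verify_password(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    try:
        digest = hashlib.scrypt(_prepare(password), salt=salt, **SCRYPT)
    except ValueError:
        return False
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed sample passwords: long passphrase, non-ASCII, symbols and spaces.
    for pw in ["correct horse battery staple " * 8, "pässwörd-密码-🔑🔑", "  ';--<script> %00"]:
        record = hash_password(pw)
        print(len(pw), "chars ->", len(record), "stored bytes, verifies:", verify_password(pw, record))
```

Every stored record is 48 bytes here regardless of what was typed, which is why a low maximum length or a restricted character set serves no storage purpose when passwords are hashed.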

“What’s your password?”

“The letter A.”

The Website is Down #1: Sales Guy vs. Web Dude

Mine is the null string. They’ll never guess it!