top | item 25422286
alanning | 5 years ago

Should be noted that NIST’s current recommendations are meant to be part of a number of mitigations including checking passwords against known-breach databases, rate-limiting, etc.

Without those other mitigations, pw rotation may still help more than it hinders, although I am definitely not a fan of it and recommend implementing all of the NIST’s recs instead.

For those looking to head that route, haveibeenpwned offers an API to check hashes against previous breaches. For a pw strength meter, have a look at zxcvbn.
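An added example (not alanning's code, and not from haveibeenpwned) of the k-anonymity check the Pwned Passwords API uses for the breach lookup mentioned above: the client sends only the first five hex characters of the password's SHA-1 and matches the remaining suffix locally against the returned "SUFFIX:COUNT" lines. The HTTP fetch is swapped for a constructed offline response with made-up counts, and the minimum-length rule is an assumption taken from NIST SP 800-63B.

```python
import hashlib
from typing import Callable

# Constructed stand-in for the body of a Pwned Passwords "range" response.
# The real endpoint (https://api.pwnedpasswords.com/range/<first 5 hex chars>)
# returns one "SUFFIX:COUNT" line per leaked SHA-1 sharing that prefix, so the
# full hash never leaves the client. Counts here are made up.
SAMPLE_RANGE_RESPONSE = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E89A3E0D3F4B9B2C3A1F0E2D4C6B8A9F00:7
"""

def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the uppercase hex SHA-1 into the 5-char prefix sent to the API
    and the 35-char suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; blank or malformed lines are skipped."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        if count.strip().isdigit():
            counts[suffix.strip().upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password appeared in known breaches (0 if never)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def offline_fetch_range(prefix: str) -> str:
    """Constructed offline fetcher; a real client would GET the range URL."""
    return SAMPLE_RANGE_RESPONSE if prefix == "5BAA6" else ""

def password_acceptable(password: str, fetch_range: Callable[[str], str],
                        min_length: int = 8) -> bool:
    """Reject breached passwords and those under the (assumed) NIST minimum.
    Rate limiting and the zxcvbn strength check are out of scope here."""
    if len(password) < min_length:
        return False
    return breach_count(password, fetch_range) == 0

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, breach_count(pw, offline_fetch_range),
              password_acceptable(pw, offline_fetch_range))
```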
