top | item 34336530

jan_g | 3 years ago

Informative article! Regarding password length - it's been said many times that the easiest way to improve password security is to require longer passwords. 12 characters minimum, preferably 20. However, in practice, I've found it's difficult to push through management/product people. It's completely fine to burden users with 10 different rules about upper/lower case, special symbols, etc., however requiring long passwords is out of the question. Would it not be much simpler to have one rule (for example, "Minimum length is 20 characters")?

dwaite | 3 years ago

> Regarding password length - it's been said many times that the easiest way to improve password security is to require longer passwords.

Often wrong. Longer passwords help with unlimited brute-force attacks, but you can also do things like rate limit remote access (e.g. captchas after login failures) and use a more resource-intensive key protection scheme like high-iteration PBKDF2 or Argon2.
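As an added example (not code from either commenter or from the article under discussion), here is what the two mitigations named in the reply above look like together in Python, using only the standard library: a PBKDF2-HMAC-SHA256 hash with a high iteration count stored alongside the digest, so that each offline guess against a leaked record is expensive, plus a per-account throttle with exponential backoff so that online guessing is rate limited regardless of how long the password is. The record format, the `LoginThrottle` class and its parameters, the dummy-record trick for unknown users, and the 600,000 iteration default are this example's own choices, not anything the thread specifies.

```python
import hashlib
import hmac
import os
import time

# Work factor for the stored hash. Every offline guess against a leaked record
# costs the attacker this many HMAC-SHA256 evaluations. 600,000 is the count the
# OWASP Password Storage Cheat Sheet lists for PBKDF2-HMAC-SHA256; the assumption
# here is that it costs a few hundred milliseconds per hash on the server.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$digest' (hex fields).

    Storing the iteration count lets the work factor be raised later without
    invalidating records that were written with the old one.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record: str, password: str) -> bool:
    """Recompute with the parameters stored in the record; compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class LoginThrottle:
    """Per-account throttle for online guessing.

    The first `free_attempts` failures cost nothing; each further failure locks
    the account for a window that doubles up to `max_delay` seconds. A CAPTCHA
    challenge would slot in wherever `allowed` returns False.
    """

    def __init__(self, free_attempts=5, base_delay=1.0, max_delay=900.0, clock=time.monotonic):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock  # injectable so the backoff can be tested without sleeping
        self._state = {}    # username -> (consecutive failures, locked_until)

    def allowed(self, username: str) -> bool:
        _, locked_until = self._state.get(username, (0, 0.0))
        return self.clock() >= locked_until

    def record_failure(self, username: str) -> float:
        """Register a failed attempt and return the lockout imposed, in seconds."""
        failures, _ = self._state.get(username, (0, 0.0))
        failures += 1
        excess = failures - self.free_attempts
        delay = min(self.base_delay * 2 ** (excess - 1), self.max_delay) if excess > 0 else 0.0
        self._state[username] = (failures, self.clock() + delay)
        return delay

    def record_success(self, username: str) -> None:
        self._state.pop(username, None)


# Hashed once at import so a login attempt for an unknown user still pays the
# full PBKDF2 cost; otherwise response time would reveal which usernames exist.
_DUMMY_RECORD = hash_password(os.urandom(16).hex())


def login(users: dict, throttle: LoginThrottle, username: str, password: str) -> str:
    """Return 'locked', 'ok' or 'bad'. `users` maps username -> stored record."""
    if not throttle.allowed(username):
        return "locked"
    record = users.get(username, _DUMMY_RECORD)
    if verify_password(record, password) and username in users:
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(username)
    return "bad"


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple")}
    throttle = LoginThrottle(free_attempts=3, base_delay=1.0)
    start = time.perf_counter()
    print(login(users, throttle, "alice", "correct horse battery staple"))
    print(f"one verification took {time.perf_counter() - start:.2f}s")
    for _ in range(5):
        # three free failures, a fourth that imposes a 1 s lockout, then 'locked'
        print(login(users, throttle, "alice", "hunter2"))
```

Run it as a script to see how long one verification takes on your own hardware; that number, multiplied by the size of a candidate list, is the offline cost the iteration count buys, and the throttle caps the online rate independently of it.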