Comment on NIST proposes barring some of the most nonsensical password rules
xthexder@l.sw0.com 1 month agoNewer password hashing algorithms have ways of combatting this. For example, argon2 will use a large amount of memory and CPU and can be tuned for execution time. So theoretically you could configure it to take 0.5 seconds per hash calculation and use 1 GB or more of ram. That’s going to be extremely difficult to bruteforce 8 characters.
nyan@lemmy.cafe 1 month ago
Unfortunately, it’s rare that we can control what hashing algorithm is being used to secure the passwords we enter. I merely pray that any account that also holds my credit card data or other important information isn’t using MD5. Some companies still don’t take cybersecurity seriously.
xthexder@l.sw0.com 1 month ago
Storing credit card data has its own set of strict security rules that need to be followed. It’s also the credit card company’s problem, not yours, as long as you dispute any fraudulent charges early enough.
I’m coming at this from the perspective of a developer. A user can always use a longer password (and you should), but it’s technically possible to make an 8 character password secure, thus the NIST recommend minimum.