Comment on NIST proposes barring some of the most nonsensical password rules

sugar_in_your_tea@sh.itjust.works 2 days ago

Yup. All I care about is that your password isn’t the entire works of Shakespeare or something like that. A couple hundred characters/bytes? You do you.

What really bothers me is when a website says something like: must have a special character, except these ones (proceeds to list everything except @ and !). And then the next one has the same rule, but different exceptions.

Passwords should be treated as a black box, just read it as bytes and throw it into the hash algorithm. You want to somehow enter a nyan cat? Be my guest, no guarantee the input box will accept it though.

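The handling described in the comment above, as an added example that is not part of the original comment: the password is encoded to bytes, checked only against a size cap, and passed to a salted key-derivation function with no character rules at all. The 256-byte cap, the scrypt cost settings and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 256  # assumed cap ("a couple hundred bytes")
SALT_BYTES = 16
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost settings


class PasswordTooLong(ValueError):
    """Raised when the encoded password exceeds the size cap."""


def to_bytes(password: str) -> bytes:
    """Treat the password as opaque: encode it and check nothing but its size."""
    raw = password.encode("utf-8")
    # The cap is measured in bytes, not characters, so multi-byte
    # characters (accents, emoji) count for their encoded length.
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong(f"{len(raw)} bytes exceeds {MAX_PASSWORD_BYTES}")
    return raw


def hash_password(password: str) -> bytes:
    """Return salt || derived key, ready to store."""
    salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(to_bytes(password), salt=salt, **SCRYPT_PARAMS)
    return salt + key


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the key with the stored salt and compare in constant time."""
    try:
        raw = to_bytes(password)
    except PasswordTooLong:
        return False  # over-long input can never match a stored hash
    salt, expected = stored[:SALT_BYTES], stored[SALT_BYTES:]
    key = hashlib.scrypt(raw, salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(key, expected)
```

Because the cap is applied before hashing, an oversized submission is rejected without spending any key-derivation work on it.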