EDVOC Posted February 28, 2021 Share Posted February 28, 2021 Could the sites password requirements be adjusted to be more passphase friendly by removing the case and number requirements? In the latest NIST guidelines it recommends against using these composition rules"Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets" According to the NIST these requirements don't provide as much benefit as expected as the requirements are usually met in a predictable manner. It also encourages users to reuse passwords it is more difficult to remember to remember case and numbers in a phrase. [source] Link to comment Share on other sites More sharing options...
Pickysaurus Posted February 28, 2021 Share Posted February 28, 2021 This has been discussed to death since we changed our password requirements in November 2019. While the feedback is appreciated, we are aware some users find the requirements too difficult and do believe that (from an account security standpoint) our password requirements are fine as they are. If you're having trouble remembering your password I recommend a password manager such as LastPass or letting your browser remember your login info. Link to comment Share on other sites More sharing options...
Recommended Posts