Standards agency recommends smart password policies, for security and your own sanity<article>
<section class="page">
<p>
I had an argument with a very smart, very capable server-side programmer a few years ago when I was integrating a project of my own with the Web services API (application programming interface) that he and his group had built. I was relying on his firm to manage the user session, including account information and password but no financial details, and I thought the password policy was
rather elaborate, while also not encouraging good passwords.</p><p>
I can’t remember the precise details, but I believe it involved the usual requirement of uppercase and lowercase characters, both a minimum and maximum length, and numerals and punctuation.</p><p>
My missive to him noted, “Entropy is better served by a longer memorable password than complex ones.” His argument was that people chose terrible passwords already, so enforcing some minimal complexity was better than allowing anything. We left it at that.</p><p class="jumpTag"><a href="/article/3116094/security/standards-agency-recommends-smart-password-policies-for-security-and-your-own-sanity.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>
Source:
Standards agency recommends smart password policies, for security and your own sanity
