|
Title: Standards agency recommends smart password policies, for security and your own sanity Post by: HCK on October 17, 2016, 04:05:14 pm Standards agency recommends smart password policies, for security and your own sanity
<article> <section class="page"> <p> I had an argument with a very smart, very capable server-side programmer a few years ago when I was integrating a project of my own with the Web services API (application programming interface) that he and his group had built. I was relying on his firm to manage the user session, including account information and password but no financial details, and I thought the password policy was rather elaborate, while also not encouraging good passwords.</p><p> I can’t remember the precise details, but I believe it involved the usual requirement of uppercase and lowercase characters, both a minimum and maximum length, and numerals and punctuation.</p><p> My missive to him noted, “Entropy is better served by a longer memorable password than complex ones.” His argument was that people chose terrible passwords already, so enforcing some minimal complexity was better than allowing anything. We left it at that.</p><p class="jumpTag"><a href="/article/3116094/security/standards-agency-recommends-smart-password-policies-for-security-and-your-own-sanity.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article> Source: Standards agency recommends smart password policies, for security and your own sanity (http://www.macworld.com/article/3116094/security/standards-agency-recommends-smart-password-policies-for-security-and-your-own-sanity.html#tk.rss_all) |