Pages: [1]   Go Down
  Print  
Author Topic: Standards agency recommends smart password policies, for security and your own sanity  (Read 418 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425



« on: October 17, 2016, 04:05:14 pm »

Standards agency recommends smart password policies, for security and your own sanity

<article>
   <section class="page">
<p>
I had an argument with a very smart, very capable server-side programmer a few years ago when I was integrating a project of my own with the Web services API (application programming interface) that he and his group had built. I was relying on his firm to manage the user session, including account information and password but no financial details, and I thought the password policy was rather elaborate, while also not encouraging good passwords.</p><p>
I can’t remember the precise details, but I believe it involved the usual requirement of uppercase and lowercase characters, both a minimum and maximum length, and numerals and punctuation.</p><p>
My missive to him noted, “Entropy is better served by a longer memorable password than complex ones.” His argument was that people chose terrible passwords already, so enforcing some minimal complexity was better than allowing anything. We left it at that.</p><p class="jumpTag"><a href="/article/3116094/security/standards-agency-recommends-smart-password-policies-for-security-and-your-own-sanity.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>

Source: Standards agency recommends smart password policies, for security and your own sanity
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: