542

NIST proposes barring some of the most nonsensical password rules(arstechnica.com)

posted
by
Avatar
Amicitas@lemmy.world
in
Avatar
technology@lemmy.world
178 comments
hidereport

Here is the text of the NIST sp800-63b Digital Identity Guidelines.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
tastysnacks@programming.dev
-26 points

What kind of barbarian puts a space in their password?

permalink
report
parent
reply
Avatar
naticus@lemmy.world
44 points

Very common for pass phrases, and not dissuaded. Pass phrases are good for people to remember without using poor storage practices (post it notes, txt file, etc) and are strong enough to keep secure against brute force attacks or just guessing based off knowledge of the user.

permalink
report
parent
reply
Avatar
grue@lemmy.world
10 points

On one hand, that’s true. On the other hand, a person should only need exactly one passphrase, which is the one used to unlock their password manager. Every other password should be randomly-generated and would only contain space characters by chance.

permalink
report
parent
reply
Avatar
naticus@lemmy.world
19 points

That’s great in theory, but you’ll have passwords for logging into OSes too which password managers do not help with and you better have it memorized or you’re going to have a bad time.

permalink
report
parent
reply
Avatar
lol_idk@lemmy.ml
29 points

I’m waiting for backspace to be a valid character

permalink
report
parent
reply
Avatar
lol_idk@lemmy.ml
3 points

Also there’s the no space space. But that’s really only useful in hacking bad implementations of html parsers or putting in your code you post online to mess with people.

permalink
report
parent
reply
Avatar
dual_sport_dork 🐧🗡️@lemmy.world
2 points

That’s the “zero width space,” Alt + 200B for Windows users. Another favorite of mine is the nonbreaking space, Alt + 0160, which a staggering majority of web sites and other systems fail to account for.

permalink
report
parent
reply
Avatar
rebelsimile@sh.itjust.works
16 points

gosh who would want an uncommon character that obviously most average people aren’t thinking about in their passwords, that sounds like it might even be somewhat secure.

permalink
report
parent
reply
Avatar
Eager Eagle@lemmy.world
1 point

hunter 2

unhackable

permalink
report
parent
reply
Avatar
randombullet@programming.dev
6 points

My passphrase includes several spaces. It’s another character to assist in entropy.

permalink
report
parent
reply
Avatar
portifornia@lemmy.world
1 point

I’m with you, despite seeing lemmings downvote the heck out of your comment 😢

The reason, and specifically for whitespace at the beginning or end of a password, is that a lot of users copy-paste their passwords into the form, and for various reasons, whitespace can get pasted in, causing an invalid match. No bueno.

Source: I’m a web developer who has seen this enough times that we had to implement a whitespace-trim validation for both setting & entering passwords.

permalink
report
parent
reply
Avatar
orclev@lemmy.world
7 points

Trimming whitespace from the start and end of a password is fine but you absolutely should not remove whitespace from the middle of a password.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

Community stats

  • 18K

    Monthly active users

  • 5.2K

    Posts

  • 96K

    Comments

Community moderators