What is with bad password requirements (lemmy.blahaj.zone)

submitted 1 day ago* (last edited 23 hours ago) by NullNet@lemmy.blahaj.zone to c/cybersecurity@infosec.pub

23 comments fedilink hide all child comments

Small rant incomming. I just went to look at applying to Walmart, and when going to make an account their password requirements were 8-11 characters. What kinda nonsense is that? Some terribly made backend I'd assume. It's bad enough I gotta make a million accounts when applying to jobs but then you got my PII sitting behind such terrible password requirements it makes me wonder where else they are cutting corners on security.

you are viewing a single comment's thread
view the rest of the comments

[-] OmegaLemmy@discuss.online 9 points 1 day ago

There needs to be a law to forbid passwords not providing 64 character max

[-] Hamartiogonic@sopuli.xyz 9 points 1 day ago

Why stop there? 128 or 256 sound much nicer. Actually, while you’re at it, 4096 should be enough to fit a short story.

[-] cynar@lemmy.world 3 points 22 hours ago

There are use cases where long passwords could be problematic. 64 would be long enough for most purposes, but short enough not to cause issues for things like microcontrollers.

It should be paired with a strongly recommended larger value, however.

[-] subtext@lemmy.world 6 points 19 hours ago

The new NIST recommendations give a recommendation of at least a 64 character maximum.

Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.

https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

this post was submitted on 28 Nov 2024

57 points (96.7% liked)

cybersecurity

3306 readers

145 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub