undefined | Better HN

0 pointsmoyix5y ago0 comments

The problem is really the opposite – too many organizations slavishly follow the pre-2017 NIST guidance!

Per wikipedia:

> From 2004, the “NIST Special Publication 800-63. Appendix A,”[2] advised people to use irregular capitalization, special characters, and at least one numeral. It also recommended changing passwords regularly, at least every 90 days. This was the advice that most systems followed, and was "baked into" a number of standards that businesses needed to follow.

0 comments

1 comments · 1 top-level

kevinarpe5y ago

I agree. I cannot recall a single corporate password policy in my working life that did not require regular password resets. And now that I think about it, I am surprised that Google does not ask me to reset my password on a regular basis. I guess Google follows the latest NIST advice!

(For other readers: It seems that quote comes from here: https://en.wikipedia.org/wiki/Password_policy)

j / k navigate · click thread line to collapse