Skip to content
Better HN
Top
New
Best
Ask
Show
Jobs
Search
⌘K
0 points
Rygian
3y ago
0 comments
Share
My employer does it for products requiring PCI certification. Our PCI auditor recommends it even though it's not a formal requirement of PCI v3.
undefined | Better HN
0 comments
default
newest
oldest
darkarmani
3y ago
That sounds like a terrible trade-off that makes people more likely to write down passwords on post-it notes or in a clear-text file to cut-n-paste. Especially if you lock accounts after a 10 tries or so (or PCI's ridiculous low number of tries).
j
/
k
navigate · click thread line to collapse
