You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Can anyone provide references to studies with data that support the new password recommendations in sp800-63b ?
Specifically: Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
I've seen references to studies in many articles but I'm unable to find them. This data would help to move our organization in this direction.
The text was updated successfully, but these errors were encountered:
Can anyone provide references to studies with data that support the new password recommendations in sp800-63b ?
Specifically:
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
I've seen references to studies in many articles but I'm unable to find them. This data would help to move our organization in this direction.
The text was updated successfully, but these errors were encountered: