Site password requirements

Kick back and discuss whatever takes your fancy.
Post Reply
Bottletopman
Posts: 69
Joined: Thu Jan 05, 2017 12:28 am

Site password requirements

Post by Bottletopman » Mon Sep 24, 2018 8:38 am

Is there any way that the password requirements can be more relaxed/outright removed? While it's unlikely that this site is holding data crucial to national security, NIST password guidelines discourage password complexity and periodic password change requirements since users often get around such things by making easy to guess passwords.

I remember at my last job as a contractor, user password policy was something like at least 1 capital letter, number and/or special character and while migrating people over from Win 7 to 10 I had to get their passwords to copy over their stuff - I lost count of how many people had ridiculously easy to guess passwords that one could obtain just by getting friendly with them and asking them questions about things like their kids and how old they were. It also wasn't uncommon for people to simply change the password by one number when passwords reached their ridiculously short 2 month expiration time.

But who cares about what went on at my last job, it's simply quite bothersome. While making this post I just realised that with some sites that enforce incredibly complex password requirements (I remember one particular banking site enforcing 8 characters on passwords, no more, no less) cracking such passwords would be easier given that the attacker would know that passwords would be of specific length and characters.

I guess I'm just ranting since bouncing around different worksites I have had to come up with all sorts of passwords given the silly complexity requirements. At least on this site, I can have a say about it and not get ignored by upper management or something.
tp for my bunghole?

MyTaHTMacTep
Posts: 3
Joined: Fri Feb 21, 2020 2:48 pm

Re: Site password requirements

Post by MyTaHTMacTep » Fri Feb 21, 2020 4:17 pm

I'd suggest using a password manager like keepass. Even if you need one-offs, you can generate one and let your browser remember it. A lot of websites have these requirements to deflect any blame for dumb passwords.

Death_Reaper56
Posts: 72
Joined: Thu Nov 15, 2018 4:04 am

Re: Site password requirements

Post by Death_Reaper56 » Sun Feb 23, 2020 12:39 am

MyTaHTMacTep wrote:
Fri Feb 21, 2020 4:17 pm
I'd suggest using a password manager like keepass. Even if you need one-offs, you can generate one and let your browser remember it. A lot of websites have these requirements to deflect any blame for dumb passwords.
This topic was from two years ago.Please look at when something was posted before replying.

Post Reply