Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • Lvxferre@mander.xyz
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    I don’t think that the entity should be blamed for the shitty manager. Specially given that the document has a full section (appendix A.2) talking about pass length.

    • NotMyOldRedditName@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      2 months ago

      The entity knows people will follow what they say for minimums. There’s already someone in the comment section saying they’re now fighting what these lax rules allow.

      Edit: stupid product managers will jump at anything that makes it easier for their users and dropping it to 8, no special characters, and no resets is the new thing now.