OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: Authentication_Cheat_Sheet #1506

Closed nobodynate closed 3 weeks ago

nobodynate commented 3 weeks ago

What is missing or needs to be updated?

The password guidelines are unclear when it comes to character composition requirements.

How should this be resolved?

Explicitly recommend against complexity requirements, as is done in the ASVS: https://github.com/OWASP/ASVS/blob/1ecfbe83787087cca9384e4c990b7df72bcbaf2b/4.0/en/0x11-V2-Authentication.md?plain=1#L51C110-L51C198

jmanico commented 3 weeks ago

Agreed and we'd love a PR on this section!