The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Creative Commons Attribution Share Alike 4.0 International
Update: Authentication_Cheat_Sheet #1506
Closed
nobodynate closed 3 weeks ago
What is missing or needs to be updated?
The password guidelines are unclear when it comes to character composition requirements.
How should this be resolved?
Explicitly recommend against complexity requirements, as is done in the ASVS: https://github.com/OWASP/ASVS/blob/1ecfbe83787087cca9384e4c990b7df72bcbaf2b/4.0/en/0x11-V2-Authentication.md?plain=1#L51C110-L51C198