Closed DimitriPapadopoulos closed 1 year ago
There are countries with password rules :O ? I don't think we have some in Germany. There is a pretty good understand what a bad password is and insurances wont pay in these cases but I don't think they rely on a written law.
Can you name a country that has such regulatory rules?
France for example, but these are general "recommendations" from the data protection authority (CNIL) more than regulatory rules: L’authentification par mot de passe : longueur, complexité, mesures complémentaires
Companies will follow the above recommendations, because in case of personal data loss they might be held responsible.
But then is a mere minimal length for passwords considered to be a "dumb password rule"?
In Germany:
I would define a dumb password rule as one that:
Password guidelines (aren't to my knowledge enforced, but are there as reference on what people should do)
Is this a duplicate of #80 ?
I've added a note on the new site about page on the definition of a dumb rule. Which is, in fact, that there's no real definition here except that you'll probably know one when you see one. https://dumbpasswordrules.com/about/