Feedback was received, pointing out that NCSC guidance recommends avoiding a requirement for complex passwords. Further, having a suitable password block list, alerts on brute force attempts,
a maximum tries lockout, and identification of attempted sign ins from unusual locations would all comply with the intent of the NCSC guidance while removing the need for complex passwords.
This issue will draft an updated version of the password standard, accordingly, for review purposes.
Feedback was received, pointing out that NCSC guidance recommends avoiding a requirement for complex passwords. Further, having a suitable password block list, alerts on brute force attempts, a maximum tries lockout, and identification of attempted sign ins from unusual locations would all comply with the intent of the NCSC guidance while removing the need for complex passwords.
This issue will draft an updated version of the password standard, accordingly, for review purposes.