ministryofjustice / itpolicycontent

Draft and review content for MoJ IT Policy.

Add Password Guidance for User Facing Services #68

Closed warmanaMOJ closed 5 years ago

Jamie-Atkinson commented 5 years ago

Could you add guidance about not using a single word from the dictionary / preferably using a combination of uppercase, lowercase, numbers and specials for all users, as non-system administrators or developers may not scroll down to the part where this is stated?

joelgsamuel commented 5 years ago

Password length shouldn't be unlimited, maybe say 128 chars (it's to stop a DDoS forcing the app to calculate really long hashes)
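
An illustrative server-side check covering the two points raised in the thread so far: no single dictionary word (with a count of character classes as a preference check) and a hard upper bound of 128 characters that is enforced before any hashing, on both the set-password and the login path, so an attacker cannot make the service hash arbitrarily long input. This is an added example written for this issue, not code from the itpolicycontent repository or the published standard; the minimum length, the PBKDF2 iteration count and the tiny word list are constructed assumptions.

```python
import hashlib
import hmac
import os

# Upper bound from the thread: reject before hashing so the cost of the
# password hash is bounded regardless of what the client sends.
MAX_PASSWORD_LENGTH = 128
# Assumed minimum length; the thread does not state one.
MIN_PASSWORD_LENGTH = 8
# Assumed PBKDF2 iteration count for this example.
PBKDF2_ITERATIONS = 200_000

# Constructed stand-in for a real dictionary / breached-password list.
DICTIONARY_WORDS = {"password", "welcome", "letmein", "dragon", "monkey", "sunshine"}


def character_classes(password: str) -> int:
    """Count how many of upper / lower / digit / special are present."""
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)
    return sum((has_upper, has_lower, has_digit, has_special))


def check_password_policy(password: str) -> list:
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) > MAX_PASSWORD_LENGTH:
        problems.append("longer than %d characters" % MAX_PASSWORD_LENGTH)
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("shorter than %d characters" % MIN_PASSWORD_LENGTH)
    if password.strip().lower() in DICTIONARY_WORDS:
        problems.append("is a single dictionary word")
    if character_classes(password) < 3:
        problems.append("uses fewer than three character classes")
    return problems


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Validate the policy first, then derive a salted PBKDF2-HMAC-SHA256 hash."""
    problems = check_password_policy(password)
    if problems:
        raise ValueError("; ".join(problems))
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Check a login attempt; the length cap applies here too, before hashing."""
    if len(password) > MAX_PASSWORD_LENGTH:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    salt, digest = hash_password("Correct-Horse-42!")
    print("stored ok:", verify_password("Correct-Horse-42!", salt, digest))
    print("oversized rejected:", check_password_policy("a" * 200))
```

The important design point is that the cap is checked on the login path as well as at registration: registration can be rate-limited, but login endpoints are exactly where an attacker would submit very long passwords to burn CPU.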

warmanaMOJ commented 5 years ago

@cybersquirrel

Please may I request approval to publish the updated password standard, based on a request to add information regarding User Facing Services?

I have added a new section here discussing UFSs.

I have also included direct feedback following review comments from discussion on #security, affecting the related document password guidance.

Thank you.

cybersquirrel commented 5 years ago

Hello,

Only comment is on the first bullet point in that section discussing UFSs, where it sort of sounds like it is the service's responsibility to ensure users have complex & different passwords, when I think our point is that we want to do nothing to discourage password management tools, so that they can have complex and different passwords for all of the services they use... maybe I'm overthinking this!

Maybe tweak to "Password managers help people to have complex passwords which are different for each service they use, so we want to support their use"?

Other than this - approved!

warmanaMOJ commented 5 years ago

Thank you - adjusted accordingly, and published.