Why is this allowed??
>Have at least 8 characters
>Have upper and lowercase letters, and at least one number
>Have less than 4 repeated characters
>Not contain any of your personal information
>Be different from your previous 5 passwords
>Not contain commonly used words

why are they keeping the old passwords?
>>107090718
NIST recently updated its guidelines, take a look
Password switching is out, long passwords are in
It's a computer program that would be cracking my pass, using a $ instead of an S doesn't do anything to slow it down

>>107090806
>No More Frequent Password Changes:
NIST now advises against mandatory periodic password changes unless there is evidence of a breach or suspicion of compromise. The rationale is that forcing users to change their passwords too frequently often leads to weaker passwords being created.
>Longer, Stronger Passwords:
NIST now encourages the use of longer passwords—suggesting that they should be at least 12-16 characters long for most scenarios. This is because longer passwords exponentially increase the difficulty of a brute-force attack, making them far more secure than shorter, simpler passwords.
NIST also recommends using a passphrase (a combination of random words or a memorable sentence) instead of complex but hard-to-remember character strings, which can improve both security and usability.
>Complexity Requirements Relaxed:
There's a move away from enforcing overly strict password complexity rules (like requiring uppercase letters, numbers, and special characters). Instead, the focus is on length and entropy (the randomness or unpredictability of a password). Users are still encouraged to avoid obvious patterns (e.g., "password123") but are not forced into creating overly complex, hard-to-remember passwords.
>Use of Multi-Factor Authentication (MFA):
NIST strongly encourages the use of multi-factor authentication (MFA) wherever possible. Even with strong passwords, MFA adds an additional layer of security, significantly reducing the risk of unauthorized access.
>Password Blacklists:
Passwords that are known to be weak or commonly used (e.g., "123456", "password", "qwerty") are now explicitly discouraged. Systems are encouraged to use password blacklists to prevent users from choosing weak passwords, further increasing security.
>Password Managers:
Because it can be difficult to remember long and complex passwords, NIST encourages the use of password managers to help store and generate secure passwords.

Anon007@gmail.com
is my password good enough

>>107090872
Follow the rolls anon here >>107090846

>>107090718
That's not too bad.
A common huge red flag that a website has dogshit security is a maximum password length. Just last week I encountered a max length of 16 characters. That means they're most likely not using any proper hash function and probably even storing it as plaintext.

>>107090895
name the site anon

>>107090718
haha OP I love froggo XD

>>107091349
>>107090735
Hopefully they're just keeping the hashes.
>>107090806
If by recently you mean like 10 years ago. Jeets apparently didn't get the memo because it seems like the old ways are only increasing.
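
Added example, not part of the thread: a sketch of how a site can enforce the "previous 5 passwords" rule while keeping only salted hashes, and apply the length and blocklist checks from the NIST summary instead of composition rules. The function names, the PBKDF2 parameters, the minimum length and the blocklist entries are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 5     # "Be different from your previous 5 passwords"
MIN_LENGTH = 12       # assumption: lower end of the 12-16 range quoted above
ITERATIONS = 600_000  # assumption: PBKDF2-HMAC-SHA256 work factor
# Constructed sample blocklist; a real one holds many known-weak passwords.
BLOCKLIST = {"123456", "password", "qwerty", "password123", "passwordpassword"}


def _digest(password: str, salt: bytes) -> bytes:
    # Output is always 32 bytes, so storage gives no reason for a 16-char cap.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def new_record(password: str) -> tuple[bytes, bytes]:
    """What the server stores per password: a random salt and the digest."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def matches(password: str, record: tuple[bytes, bytes]) -> bool:
    salt, digest = record
    return hmac.compare_digest(_digest(password, salt), digest)


def check_new_password(candidate: str, history: list) -> list[str]:
    """Return the reasons for rejection; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if candidate.lower() in BLOCKLIST:
        problems.append("blocklisted")
    # Re-hash the candidate under each stored salt; no old plaintext is needed.
    if any(matches(candidate, rec) for rec in history[-HISTORY_DEPTH:]):
        problems.append("reused")
    return problems


def change_password(candidate: str, history: list) -> list[str]:
    problems = check_new_password(candidate, history)
    if not problems:
        history.append(new_record(candidate))
        del history[:-HISTORY_DEPTH]  # keep only the newest HISTORY_DEPTH records
    return problems
```

The history check only works at password-change time, when the server briefly holds the candidate in plaintext; the stored records alone cannot be compared with each other.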