What is Nostr?
Aaron Toponce ⚛️:debian: /
npub14df…5uyy
2023-11-26 14:46:09

Aaron Toponce ⚛️:debian: on Nostr: I've been screaming this for years. Service providers that provide authentication ...

I've been screaming this for years. Service providers that provide authentication should do these two things at a minimum:

1. Require at least 12 characters.
2. Use ZXCVBN to estimate password strength and require a score of 4.

Interestingly enough, if you do those two things, you don't have to have stupid password complexity requirements, and you don't need a blacklist, as 12+ characters with a ZXCVBN score of 4 won't show up in password database breaches.

https://www.cc.gatech.edu/news/largest-study-its-kind-shows-outdated-password-practices-are-widespread

#passwords
Author Public Key
npub14dfr55yyvfw0leduur7e4af7fnkeegww6e2n64laxkkdyn4sufrqhs5uyy