this post was submitted on 26 Sep 2024
547 points (100.0% liked)

Technology

67338 readers
3690 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
547
NIST proposes barring some of the most nonsensical password rules (arstechnica.com)
submitted 5 months ago by [email protected] to c/[email protected]
169 comments fedilink hide all child comments
 

Here is the text of the NIST sp800-63b Digital Identity Guidelines.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 5 months ago (5 children)

What kind of barbarian puts a space in their password?

[–] [email protected] 44 points 5 months ago (1 children)

Very common for pass phrases, and not dissuaded. Pass phrases are good for people to remember without using poor storage practices (post it notes, txt file, etc) and are strong enough to keep secure against brute force attacks or just guessing based off knowledge of the user.

[–] [email protected] 10 points 5 months ago (1 children)

On one hand, that's true. On the other hand, a person should only need exactly one passphrase, which is the one used to unlock their password manager. Every other password should be randomly-generated and would only contain space characters by chance.

[–] [email protected] 19 points 5 months ago

That's great in theory, but you'll have passwords for logging into OSes too which password managers do not help with and you better have it memorized or you're going to have a bad time.

[–] [email protected] 28 points 5 months ago* (last edited 4 months ago) (1 children)

Deleted

[–] [email protected] 3 points 5 months ago* (last edited 4 months ago) (1 children)

Deleted

[–] [email protected] 2 points 5 months ago

That's the "zero width space," Alt + 200B for Windows users. Another favorite of mine is the nonbreaking space, Alt + 0160, which a staggering majority of web sites and other systems fail to account for.

[–] [email protected] 17 points 5 months ago (1 children)

gosh who would want an uncommon character that obviously most average people aren’t thinking about in their passwords, that sounds like it might even be somewhat secure.

[–] [email protected] 1 points 5 months ago

hunter 2

unhackable

[–] [email protected] 7 points 5 months ago

My passphrase includes several spaces. It's another character to assist in entropy.

[–] [email protected] 1 points 5 months ago (1 children)

I'm with you, despite seeing lemmings downvote the heck out of your comment 😢

The reason, and specifically for whitespace at the beginning or end of a password, is that a lot of users copy-paste their passwords into the form, and for various reasons, whitespace can get pasted in, causing an invalid match. No bueno.

Source: I'm a web developer who has seen this enough times that we had to implement a whitespace-trim validation for both setting & entering passwords.

[–] [email protected] 8 points 5 months ago

Trimming whitespace from the start and end of a password is fine but you absolutely should not remove whitespace from the middle of a password.