The latest NIST (United States National Institute for Standards and Technology) guidelines on password policies recommend a minimum of 8 characters. Perhaps more interesting is what they recommend against. They recommend against allowing password hints, requiring the password to contain certain characters (like numeric digits or upper-case characters), using knowledge-based authentication (e.g., what is your mother's maiden name?), using SMS (Short Message Service) for two-factor authentication, or expiring passwords after some amount of time. They also provide recommendations on how password data should be stored.
[Ed. Note: Contrary to common practice, I would advocate reading the entire linked article so we can have an informed discussion on the many recommendations in the proposal. What has been your experience with password policies? Do the recommendations rectify problems you have seen? Is it reasonable to expect average users to follow the recommendations? What have they left out?]
(Score: 3, Funny) by SomeGuy on Friday August 19 2016, @08:14PM
Yes, very silly. You forget that the system needs to LOOK secure, even if it isn't (also see: TSA).
Incidentally, your new password is: ^7j\%_kt%{s/Pn#Zm.D6b+xU{;>?WRh},wyCNM',&,(2hfJsCsMW7$G_,wGw36bF7jg$8sa/#fd(.vPN7nJN+4:^,8.yrQCE\;Q6VT(Twn)hC+a].$HgQNVdr&3E\b&~ZPW}eC#HrFTy(;3Ltk}^WD#])^@WDH``mu~BrX;s+bc7Hx%}+/hW3aqh;k&^Xa#bUCPY.n;TSaGs$#:cgEq4]55!"K;}.fP!Hm2~F4m5}`:f%,*2S7&GHt:tJ=N_s2nc~=_S'-epge75bJCC(N2/B}!F>H(D_*RL@z6#E5s{)*D/;9tEs,X)hgp]Lhn?b#.F7Jm7?`y28#[5"7>:x4$p`,>;a(EKLq*4ezgY_Ef[EMcz5yeg^(tr"&U/p_;-,#gTJq>$_q=u!2jF&?]Ude*C9J`7;~G(9F~AzB2&(D=uG7\n_aERgf+5K;eR:Ax/zeHZfKF5jE[)D^VyD&tQ:(tzh[f`$XBdQ9z:.Yp)X+wMA_$a='^#Yc^8FUj=!]NntSeQG7chPa*>Nmkg?MjSg+k^=U3[ux\M36]kXPQxj&CjYdh]h{'5qMS]362H5^$K%&bD'3;KgP2@NfkS$KfL{=p`mJ]LEP4?y(d/&(H/jP]zH?g-:.^jxT8VAT!BacZf';X>DK/M$*4V3hYR!66j/K;$8`X~7}Cgya~~$ZTcKVFXt.7W($=GGf]Mxg*pQ,=fAJ/\YbQy-9)qDSNpja"N6rLjYsRVF=hrVk`jFRY/Vpj#UWfL4Ae4q_&QNnEc)W;F5A{jUTZ\]Q>k+a"p8t"TS=V34~nku!MVhnc5'qrJW%WKTD*V+bK,2dnP[fsESG#gN"3`+%}Ds]#tV`2C4Lm/McqS+Bxy>dgCVyq/xQh?T:$K{a>K\%DXYK'_$/c$!"WbMe[hRkWUFLv=N]HjJ!PY62*L);F7+3BqUPM
You must not forget it, and you are not allowed to write it down.
(Score: 1, Funny) by Anonymous Coward on Friday August 19 2016, @08:29PM
There was a time when I used to tell people to change their random password to something they could remember. They never did. Instead they blamed me when they couldn't remember their random password. I don't bother to tell people anything anymore.
(Score: 4, Funny) by Whoever on Saturday August 20 2016, @01:21AM
His password is Perl code?