Mtinie 4 days ago

> If the password length is 12 to 15 characters, it will be valid for 180 days

> If the password length is 16 to 32 characters, it will be valid for 365 days

Madness.

Reply View 8 replies
  • lofties 4 days ago

    I'm a big fan of "should not include profanity, words of a vulgar nature". It's not unthinkable my password manager comes up with a chain of letters that at one point will include "fuck".

    Reply View 7 replies
    • WarOnPrivacy 4 days ago

      > I'm a big fan of "should not include profanity, words of a vulgar nature".

      On my first Wireguard testbed, WG's keygen dropped one at the front of the key. It remains my most treasured digital possession.

      Reply View 0 replies
    • tiltowait 4 days ago

      This comment reminded me of a talk I saw[1] about Apple's password generation algorithm. Apparently (and unsurprisingly), they have a list of offensive terms the system is designed to avoid. I expect this is common-enough practice in most popular password managers, but probably not all.

      [1] https://www.youtube.com/watch?v=-0dwX2kf6Oc

      Reply View 3 replies
      • notpushkin 4 days ago

        It would be fun to make a passphrase generator that always includes a profanity.

        Reply View 2 replies
    • andrewaylett 3 days ago

      Word list based passphrases mostly avoid this, by not including those words. Which still doesn't mean you won't get something offensive, of course, it'll just be a string of four words instead of four letters.

      Reply View 0 replies
    • seadan83 4 days ago

      It kinda is good personal policy IMO for passwords you have to type to be positive affirmations. I used 'Fuckthis1!' for a moment; funny enough it was not the most moralizing thing to type all the time! OTOH, 'H@ppyH@ppyJoyJoy!!' was always a small mood lift.

      Reply View 0 replies
dmoy 4 days ago

What's the scope of that? Not consumer accounts I imagine? I haven't had to change my bank account passwords in over a decade.

Reply View 0 replies