Comment by Mtinie 5 days ago

9 replies

> If the password length is 12 to 15 characters, it will be valid for 180 days

> If the password length is 16 to 32 characters, it will be valid for 365 days

Madness.

lofties 4 days ago

I'm a big fan of "should not include profanity, words of a vulgar nature". It's not unthinkable my password manager comes up with a chain of letters that at one point will include "fuck".

  • WarOnPrivacy 4 days ago

    > I'm a big fan of "should not include profanity, words of a vulgar nature".

    On my first WireGuard testbed, WG's keygen dropped one at the front of the key. It remains my most treasured digital possession.

  • tiltowait 4 days ago

    This comment reminded me of a talk I saw[1] about Apple's password generation algorithm. Apparently (and unsurprisingly), they have a list of offensive terms the system is designed to avoid. I expect this is common-enough practice in most popular password managers, but probably not all.

    [1] https://www.youtube.com/watch?v=-0dwX2kf6Oc

    • zavec 40 minutes ago

      Now I'm trying to remember where I read the story about somebody who was in a programming class and was writing some program that took user input, and figured that it should be smart enough not to repeat curse words. So they started writing down all the curse words it should know not to say, and that was about the extent of what they had done when the teacher came around to see how everything was going.

    • notpushkin 4 days ago

      It would be fun to make a passphrase generator that always includes a profanity.

      • HPsquared 4 days ago

        So long as they factor that into the "bits of entropy" calculation.

      • yencabulator 3 days ago

        Dibs for calling it misenthropy. Entropy mixed with misanthropy.

  • andrewaylett 4 days ago

    Word list based passphrases mostly avoid this, by not including those words. Which still doesn't mean you won't get something offensive, of course, it'll just be a string of four words instead of four letters.

  • seadan83 4 days ago

    It kinda is good personal policy IMO for passwords you have to type to be positive affirmations. I used 'Fuckthis1!' for a moment; funny enough it was not the most moralizing thing to type all the time! OTOH, 'H@ppyH@ppyJoyJoy!!' was always a small mood lift.