Active
Project: Password Policy
Version: 7.x-2.x-dev
Component: Code
Priority: Normal
Category: Bug report
Assigned: Unassigned
Reporter:
Created: 17 Apr 2017 at 20:04 UTC
Updated: 17 Apr 2017 at 20:04 UTC
The "Example policy" seems to be arbitrarily constructed (i.e., not based on any research or standard). This means we are spreading yet another (suboptimal) password policy. :(
The following 2016 paper, with authors from well-regarded institutions/companies, makes some recommendations:
https://dl.acm.org/citation.cfm?id=2891411
I haven't yet read it through. If anyone has other ideas on what standard or research should be the basis of a default password policy, please share.
Comments