Re: Password authorization

On 21 Jan 2022, at 3:24, Daulat wrote:

> Yes, you are right, I am planning for password complexity rules and to, force users to change their password.
>
While you are in the planning stages you may wish to review current best practice, e.g., USA National Institute of
Standardsand Technology. 

For me the most interesting aspect of the revised standard is how forcing password changes and complexity rules often
leadsto reduced security in the real world. 

Refer:
https://pages.nist.gov/800-63-3/sp800-63-3.html
https://auth0.com/blog/dont-pass-on-the-new-nist-password-guidelines/ (for a more human readable version :)

Regards

Gavan Schneider
——
Gavan Schneider, Sodwalls, NSW, Australia
Explanations exist; they have existed for all time; there is always a well-known solution to every human problem —
neat,plausible, and wrong. 
— H. L. Mencken, 1920